From 3fd210463eaaec3a15837b0f81f6700f0ba19382 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 21 Dec 2022 18:11:39 -0500
Subject: [PATCH] fix redis defaults to force string keys instead of numeric
---
 salt/redis/soc_redis.yaml | 6 +++---
 salt/soc/soc_soc.yaml | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/salt/redis/soc_redis.yaml b/salt/redis/soc_redis.yaml
index dad76bf80..9a86cb4c8 100644
--- a/salt/redis/soc_redis.yaml
+++ b/salt/redis/soc_redis.yaml
@@ -117,15 +117,15 @@ redis:
 advanced: True
 helpLink: redis.html
 save:
- 900:
+ '900':
 description: Set the amount of keys that need to change to save after 15 minutes.
 global: True
 helpLink: redis.html
- 300:
+ '300:
 description: Set the amount of keys that need to change to save after 5 minutes.
 global: True
 helpLink: redis.html
- 60:
+ '60':
 description: Set the amount of keys that need to change to save after 1 minute
 global: True
 helpLink: redis.html
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index d8dbacc29..8febe0681 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
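Review bot: In the salt/redis/soc_redis.yaml hunk, the added key for the 5-minute entry, `'300:`, has no closing quote, while `'900':` and `'60':` beside it do; it should read `'300':`. As written, the single-quoted scalar is not terminated on its own line, so a YAML loader will most likely reject the file or read on to the next quote instead of producing the string key this commit is meant to force. Loading the file with a YAML linter or the consuming loader before merging would catch this kind of typo. The `save:` key is visible in the hunk, but the mapping that encloses it starts outside it.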
@@ -42,8 +42,9 @@ soc:
 description: A list of actions a user can take from the SOC UI against a hunt, alert, and other records. The action must be defined in JSON object format, and contain a "name" key and "links" key. The links is a list of URLs, where the most suitable URL in the list will be the selected URL when the user clicks the action.
 global: True
 eventFields:
- description: A map of event metadata groupings to field lists. The field list specifies all the columns to show when displaying individual events (not groups). The event metadata grouping uses the format ":event.module:event.dataset".
- global: True
+ default:
+ description: The list of fields to show as columns in the Hunt/Dashboards event table, when no other specific mapping applies. Mappings are defined by the format ":event.module:event.dataset".
+ global: True
 server:
 maxPacketCount:
 description: Maximum number of packets to show in the PCAP viewer. Larger values can cause more resource utilization on both the SOC server and the browser.
@@ -146,6 +147,7 @@ soc:
 global: True
 queries:
 description: List of default queries to show in the query list. Each query is represented in JSON object notation, and must include the "name" key and "query" key.
+ global: True
 alerts: *appSettings
 cases: *appSettings
 dashboards: *appSettings