From 7b905f5a946b3408775863bf5ad1e216ed3f9454 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 6 May 2024 08:22:08 -0400
Subject: [PATCH] FEATURE: Add Events table columns for tunnel logs #12937

---
 salt/soc/defaults.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index ad154e9d1..f2bf77805 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -502,16 +502,15 @@ soc:
 - syslog.severity
 - log.id.uid
 - event.dataset
- '::tunnels':
+ '::tunnel':
 - soc_timestamp
+ - event.dataset
 - source.ip
 - source.port
 - destination.ip
 - destination.port
- - tunnel_type
- - action
- - log.id.uid
- - event.dataset
+ - event.action
+ - tunnel.type
 '::weird':
 - soc_timestamp
 - source.ip
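Review bot: The new `'::tunnel'` column list drops `log.id.uid`, which the commit subject does not mention and which the preceding column group in this hunk still keeps. That field is presumably the identifier an analyst uses to tie a tunnel record to the related connection logs, so the default Events view for tunnel logs would lose its correlation column. If the removal is not deliberate, keep `- log.id.uid` after `- tunnel.type`. The key is also renamed from `'::tunnels'` to `'::tunnel'`; it is worth confirming against the ingest side, which is outside this diff, that no events or local overrides still use the old dataset name, since they would stop matching this entry.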