diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8c71f6333..371a9f2e0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -465,10 +465,9 @@ soc:
 - destination.ip
 - destination.port
 - network.transport
- - network.direction
+ - network.type
 - observer.ingress.interface.name
 - event.action
- - event.reason
 - network.community_id
 ':osquery:':
 - soc_timestamp
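Review bot: Replacing `- network.direction` with `- network.type` in this column list is not a like-for-like swap if these names follow ECS, where `network.type` carries the IP version or tunnel type rather than inbound/outbound. Together with the removal of `- event.reason`, an analyst triaging from the default columns would no longer see the traffic direction or the stated reason for the action. The list's key is above the hunk, so which event group this affects cannot be confirmed from here. If the two fields were dropped because the pipeline for this dataset never populates them, a short comment above the list would record that, e.g. `# network.direction and event.reason are not populated for this dataset`; otherwise consider keeping `- network.direction` next to `- network.type`.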