From 4d8661d2e09231e48dc52f7cf4555c9dad8af30b Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 18 Dec 2023 13:38:04 -0500
Subject: [PATCH] FIX: Update dashboard and hunt query for firewall logs #12021
---
 salt/soc/defaults.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8c71f6333..371a9f2e0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -465,10 +465,9 @@ soc:
 - destination.ip
 - destination.port
 - network.transport
- - network.direction
+ - network.type
 - observer.ingress.interface.name
 - event.action
- - event.reason
 - network.community_id
 ':osquery:':
 - soc_timestamp
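Review bot: The swap of `network.direction` for `network.type` in this column list is not like-for-like, and nothing in the hunk records why. In ECS, `network.type` carries the network-layer protocol (ipv4, ipv6) while `network.direction` carries inbound/outbound, so the default view for these events loses the direction column along with `event.reason`, both of which analysts commonly use when triaging firewall hits. If the firewall ingest pipeline no longer populates those two fields (the commit does not say), a comment above the list such as `# firewall: direction/reason are not populated by the parser; see #12021` would keep a later editor from adding them back. The mapping key that owns this list sits above the hunk, so I am assuming from the subject line that it is the firewall event-field set.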