From 563a495725d5aca4b8b0b70a7963b5173ce2a53a Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 21 Aug 2023 11:24:07 -0400
Subject: [PATCH] Add Playbook
---
 salt/soc/defaults.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8ac49ea2e..ff8b240ec 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1586,6 +1586,15 @@ soc:
 - rule.uuid
 - rule.category
 - rule.rev
+ ':playbook:':
+ - soc_timestamp
+ - rule.name
+ - event.severity_label
+ - event_data.event.module
+ - event_data.event.category
+ - event_data.process.executable
+ - event_data.process.pid
+ - event_data.winlog.computer_name
 queryBaseFilter: tags:alert
 queryToggleFilters:
 - name: acknowledged
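Review bot: The new `':playbook:'` column list identifies the affected host only through `event_data.winlog.computer_name`, so a Playbook alert raised on a non-Windows event would, as far as this hunk shows, reach the analyst with an empty host column. If these alerts carry a platform-neutral host field under `event_data`, listing it next to the winlog one would cover that case. At minimum, a comment above the key such as `# Playbook alerts: columns assume Windows (winlog) source events` would record the assumption. The enclosing map starts outside the hunk, so it is not visible here whether a default group supplies a fallback.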