From 5730c85988bb1a464e6ea079e951ed9bcbd6a71b Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 1 Oct 2020 17:04:15 -0400
Subject: [PATCH] More json for soc
---
 salt/soc/files/soc/hunt.eventfields.default.yaml | 4 ++--
 salt/soc/files/soc/soc.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/soc/files/soc/hunt.eventfields.default.yaml b/salt/soc/files/soc/hunt.eventfields.default.yaml
index 496837c1e..9ed0e3203 100644
--- a/salt/soc/files/soc/hunt.eventfields.default.yaml
+++ b/salt/soc/files/soc/hunt.eventfields.default.yaml
@@ -1,6 +1,6 @@
 soc:
 hunt:
- eventfields: {
+ eventfields:
 "default": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "log.id.uid", "network.community_id", "event.dataset" ],
 "::conn": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "network.transport", "network.protocol", "log.id.uid", "network.community_id" ],
 "::dce_rpc": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "dce_rpc.endpoint", "dce_rpc.named_pipe", "dce_rpc.operation", "log.id.uid" ],
@@ -42,4 +42,4 @@ soc:
 ":strelka:file": ["soc_timestamp", "scan.exiftool.OriginalFileName", "file.size", "hash.md5", "scan.exiftool.CompanyName", "scan.exiftool.Description", "scan.exiftool.Directory", "scan.exiftool.FileType", "scan.exiftool.FileOS", "log.id.fuid" ],
 ":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ],
 ":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ],
- ":windows_eventlog:": ["soc_timestamp", "user.name" ] }
\ No newline at end of file
+ ":windows_eventlog:": ["soc_timestamp", "user.name" ]
\ No newline at end of file
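Review bot: Dropping the `{` on the `eventfields:` line (and the matching `}` in the second hunk, `@@ -42,4 +42,4 @@`) turns the value into a YAML block mapping, but the entries still end in `],` — see `"default": [...],` and `"::conn": [...],` among the context lines — and the diffstat shows only these two lines of the file change, so a `,` after a flow sequence in block context is left on every remaining entry; a strict YAML parser such as PyYAML (which Salt's YAML import uses) is expected to reject that with "expected <block end>, but found ','", so the file would likely stop loading. Either keep the flow-mapping form or remove the trailing comma from each entry so that every line ends in `]`, e.g. `"::conn": ["soc_timestamp", ... "network.community_id" ]`. The second hunk also still carries `\ No newline at end of file`; terminating the last line would keep that marker out of future diffs. The entries between the two hunks lie outside this view and would need the same comma removal.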
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 95a4a8f89..496e9fee4 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -46,7 +46,7 @@
 "relativeTimeValue": 24,
 "relativeTimeUnit": 30,
 "mostRecentlyUsedLimit": 5,
- "eventFields": {{ hunt_eventfields.soc.hunt.eventfields | json }} ,
+ "eventFields": { {{ hunt_eventfields.soc.hunt.eventfields | json }} },
 "queryBaseFilter": "",
 "queryToggleFilters": [],
 "queries": {{ hunt_queries.soc.hunt.queries | json }} ,
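Review bot: The literal `{ ... }` added around `{{ hunt_eventfields.soc.hunt.eventfields | json }}` on the `eventFields` line doubles the braces the `json` filter itself emits when `eventfields` is a mapping — which is what the block-mapping form in hunt.eventfields.default.yaml in this same commit suggests it is — so the rendered soc.json would read `"eventFields": { {"default": [...], ...} },`, which no strict JSON parser accepts and would keep SOC from loading its configuration. The `queries` line three lines below passes the filter output through unwrapped, and that is the form to keep here as well: `"eventFields": {{ hunt_eventfields.soc.hunt.eventfields | json }},`. Wrapping serializer output in hand-written braces is string assembly of JSON; letting the filter produce the whole value is what keeps the document well-formed and correctly escaped. The enclosing JSON object starts and ends outside the hunk.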