More json for soc

salt/soc/files/soc/hunt.eventfields.default.yaml

@@ -1,6 +1,6 @@
 soc:
   hunt:
-    eventfields: {
+    eventfields: 
           "default": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "log.id.uid", "network.community_id", "event.dataset" ],
           "::conn": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "network.transport", "network.protocol", "log.id.uid", "network.community_id" ],
           "::dce_rpc": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "dce_rpc.endpoint", "dce_rpc.named_pipe", "dce_rpc.operation", "log.id.uid" ],
@@ -42,4 +42,4 @@ soc:
           ":strelka:file": ["soc_timestamp", "scan.exiftool.OriginalFileName", "file.size", "hash.md5", "scan.exiftool.CompanyName", "scan.exiftool.Description", "scan.exiftool.Directory", "scan.exiftool.FileType", "scan.exiftool.FileOS", "log.id.fuid" ],
           ":suricata:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "rule.name", "rule.category", "event.severity_label", "log.id.uid", "network.community_id" ],
           ":sysmon:": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "source.hostname", "event.dataset", "process.executable", "user.name" ],
-          ":windows_eventlog:": ["soc_timestamp", "user.name" ] }
+          ":windows_eventlog:": ["soc_timestamp", "user.name" ] 

salt/soc/files/soc/soc.json

@@ -46,7 +46,7 @@
         "relativeTimeValue": 24,
         "relativeTimeUnit": 30,
         "mostRecentlyUsedLimit": 5,
-        "eventFields": {{ hunt_eventfields.soc.hunt.eventfields | json }} ,
+        "eventFields": { {{ hunt_eventfields.soc.hunt.eventfields | json }} },
         "queryBaseFilter": "",
         "queryToggleFilters": [],
         "queries": {{ hunt_queries.soc.hunt.queries | json }} ,