From 58f4fb87d08813ab41eea5b24e6b2a4a2326d5ff Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 23 Feb 2024 17:06:29 -0500
Subject: [PATCH] fix new eventFields in soc_soc.yaml
---
 salt/soc/soc_soc.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index f59d6117b..a9d36c70c 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -59,13 +59,13 @@ soc:
 description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. The 'default' entry is used for all events that do not match an existing mapping defined in the list to the left.
 global: True
 advanced: True
- ':endpoint:endpoint_x_events_x_api': *eventFields
- ':endpoint:endpoint_x_events_x_file': *eventFields
- ':endpoint:endpoint_x_events_x_library': *eventFields
- ':endpoint:endpoint_x_events_x_network': *eventFields
- ':endpoint:endpoint_x_events_x_process': *eventFields
- ':endpoint:endpoint_x_events_x_registry': *eventFields
- ':endpoint:endpoint_x_events_x_security': *eventFields
+ ':endpoint:events_x_api': *eventFields
+ ':endpoint:events_x_file': *eventFields
+ ':endpoint:events_x_library': *eventFields
+ ':endpoint:events_x_network': *eventFields
+ ':endpoint:events_x_process': *eventFields
+ ':endpoint:events_x_registry': *eventFields
+ ':endpoint:events_x_security': *eventFields
 server:
 srvKey:
 description: Unique key for protecting the integrity of user submitted data via the web browser.
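Review bot: The seven renamed `':endpoint:events_x_*'` keys have no comment stating the key convention, which is presumably how the `endpoint_x_` prefix ended up repeated in the dataset part. The description on the context line gives the format as ":event.module:event.dataset", and `_x_` appears to stand in for a dot in the dataset name, though nothing visible in the hunk says so. I would add a line above the group such as `# key is ':<event.module>:<event.dataset>' with dots written as _x_; do not repeat the module in the dataset part`. It is also worth confirming that each key matches the eventFields entry it annotates, since a non-matching key is likely ignored without an error. The `soc:` mapping starts and ends outside the hunk.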