From 67645a662da34ee1931236a868549bdb2a1bc3ef Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Tue, 14 May 2024 10:14:16 -0400
Subject: [PATCH] FEATURE: Add NetFlow dashboard #13009

---
 salt/soc/defaults.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index b96cabf9d..ca64c6b7b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1258,6 +1258,19 @@ soc:
         - event_data.destination.port
         - event_data.process.executable
         - event_data.process.pid
+      ':netflow:':
+        - soc_timestamp
+        - event.dataset
+        - source.ip
+        - source.port
+        - destination.ip
+        - destination.port
+        - network.type
+        - network.transport
+        - network.direction
+        - netflow.type
+        - netflow.exporter.version
+        - observer.ip
     server:
       bindAddress: 0.0.0.0:9822
       baseUrl: /