FEATURE: Add Events table columns for event.module playbook #12703

2025-12-06 09:12:45 +01:00 · 2024-04-02 09:55:56 -04:00
parent 261f2cbaf7
commit 6c2437f8ef
1 changed files with 16 additions and 3 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1200,6 +1200,17 @@ soc:
        -  soc_timestamp
        -  event.dataset
        -  message
+      ':playbook:':
+        - soc_timestamp
+        - rule.name
+        - event.severity_label
+        - event_data.event.dataset
+        - event_data.source.ip
+        - event_data.source.port
+        - event_data.destination.host
+        - event_data.destination.port
+        - event_data.process.executable
+        - event_data.process.pid
    server:
      bindAddress: 0.0.0.0:9822
      baseUrl: /
@@ -1876,11 +1887,13 @@ soc:
              - soc_timestamp
              - rule.name
              - event.severity_label
-              - event_data.event.module
-              - event_data.event.category
+              - event_data.event.dataset
+              - event_data.source.ip
+              - event_data.source.port
+              - event_data.destination.host
+              - event_data.destination.port
              - event_data.process.executable
              - event_data.process.pid
-              - event_data.winlog.computer_name
          queryBaseFilter: tags:alert
          queryToggleFilters:
            - name: acknowledged