FEATURE: Add Events table columns for tunnel logs #12937

2025-12-06 17:22:49 +01:00 · 2024-05-06 08:22:08 -04:00
parent 6d5ff59657
commit 7b905f5a94
1 changed files with 4 additions and 5 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -502,16 +502,15 @@ soc:
        - syslog.severity
        - log.id.uid
        - event.dataset
-      '::tunnels':
+      '::tunnel':
        - soc_timestamp
+        - event.dataset
        - source.ip
        - source.port
        - destination.ip
        - destination.port
-        - tunnel_type
-        - action
-        - log.id.uid
-        - event.dataset
+        - event.action
+        - tunnel.type
      '::weird':
        - soc_timestamp
        - source.ip