From 7da0ccf5a628d71e75eef7fda547004ca693fec4 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 23 Feb 2024 15:35:53 -0500 Subject: [PATCH] add more endpoint.events.x entries to merged.map.jinja --- salt/soc/merged.map.jinja | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja index 55d8d2600..c0ea836e5 100644 --- a/salt/soc/merged.map.jinja +++ b/salt/soc/merged.map.jinja @@ -67,7 +67,13 @@ {% do SOCMERGED.config.server.client.cases.update({'actions': standard_actions}) %} {# replace the _x_ with . for soc ui to config conversion #} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.api': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_api') }) %} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.file': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_file') }) %} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.library': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_library') }) %} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.network': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_network') }) %} {% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.process': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_process') }) %} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.registry': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_registry') }) %} +{% do SOCMERGED.config.eventFields.update({':endpoint:endpoint.events.security': SOCMERGED.config.eventFields.pop(':endpoint:endpoint_x_events_x_security') }) %} {% set standard_eventFields = SOCMERGED.config.pop('eventFields') %} {% do SOCMERGED.config.server.client.hunt.update({'eventFields': standard_eventFields}) %} {% do SOCMERGED.config.server.client.dashboards.update({'eventFields': standard_eventFields}) %}