From 7f488422b0deea50ba37a953dd0781c1dc9c45ae Mon Sep 17 00:00:00 2001
From: DefensiveDepth
Date: Tue, 2 Apr 2024 09:13:27 -0400
Subject: [PATCH] Add default columns

---
 salt/soc/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 9ec22b180..8b6bceef0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -2033,6 +2033,7 @@ soc:
 - so_detection.severity
 - so_detection.language
 - so_detection.ruleset
+ - soc_timestamp
 queries:
 - name: "All Detections"
 query: "_id:*"
@@ -2050,6 +2051,8 @@ soc:
 query: 'so_detection.language:sigma AND so_detection.content: "*product: windows*"'
 - name: "Detection Type - Yara (Strelka)"
 query: "so_detection.language:yara"
+ - name: "Security Onion - Grid Detections"
+ query: "so_detection.ruleset:securityonion-resources"
 detection:
 presets:
 severity:
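Review bot: The new "Security Onion - Grid Detections" query in the second hunk searches for the bare hyphenated term `securityonion-resources`; if `so_detection.ruleset` is indexed as analyzed text rather than a keyword, the search backend may split the term at the hyphen and match either token on its own, which would make the preset broader than the name suggests. The existing Sigma preset a few lines above already quotes its hyphen-free phrase value, so the safer and consistent form is `query: 'so_detection.ruleset:"securityonion-resources"'`. I have not seen the field mapping, so this is an assumption to confirm against the index template before changing it. The `soc:` block these hunks sit in starts and ends outside the patch.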