From 868b2175496e45a53b8026bba9066c5d89c5a322 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Wed, 1 Jul 2026 11:37:46 -0500
Subject: [PATCH] update default hunt query

---
 salt/soc/defaults.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7e8e76094..ff8a504ac 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1771,13 +1771,13 @@ soc:
       enabled: true
       queries:
       - name: Default Query
-        description: Show all events grouped by the observer host
-        query: '* | groupby observer.name'
-        showSubtitle: true
-      - name: Log Type
         description: Show all events grouped by module and dataset
         query: '* | groupby event.module* event.dataset'
         showSubtitle: true
+      - name: Observer
+        description: Show all events grouped by the observer host
+        query: '* | groupby observer.name'
+        showSubtitle: true
       - name: SOC - Auth
         description: Users authenticated to SOC grouped by IP address and identity
         query: 'event.dataset:kratos.audit AND msg:*authenticated* | groupby http.request.headers.x-real-ip user.name'
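Review bot: The entry previously named `Log Type` disappears under that name in this hunk, since its body is now attached to `Default Query` and only the observer grouping gets a new name (`Observer`); anything outside this file that selects a hunt query by its `name` (saved links, docs, other pillar data — not visible here) would need the same rename, and the commit message does not mention it. The swap itself is hard to read as intentional from the YAML alone because nothing says why the first entry matters; if `Default Query` is indeed the query the Hunt view loads on open, a comment above it such as `# First entry is the query preselected when the Hunt page opens` would make the reason for moving the module/dataset grouping to the top explicit. The quoting of the `query` values is correct and should stay — an unquoted leading `*` would be parsed as a YAML alias rather than a wildcard.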