Merge pull request #12724 from Security-Onion-Solutions/dougburks-patch-1

FEATURE: Add Events table columns for event.module strelka #12716
2025-12-06 17:22:49 +01:00 · 2024-04-02 10:15:20 -04:00
parent 55e71c867c b2b54ccf60
commit a678a5a416
1 changed files with 10 additions and 1 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1894,6 +1894,15 @@ soc:
              - event_data.destination.port
              - event_data.process.executable
              - event_data.process.pid    
+            ':strelka:':
+              - soc_timestamp
+              - file.name
+              - file.size
+              - hash.md5
+              - file.source
+              - file.mime_type
+              - log.id.fuid
+              - event.dataset
          queryBaseFilter: tags:alert
          queryToggleFilters:
            - name: acknowledged