From ab5de4c1048a27021ecf6ad486f2d27b74448a04 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Tue, 19 Dec 2023 07:27:07 -0500
Subject: [PATCH] update soc defaults.yaml
---
 salt/soc/defaults.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 371a9f2e0..a73c8884d 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -469,6 +469,17 @@ soc:
 - observer.ingress.interface.name
 - event.action
 - network.community_id
+ ':pfsense:':
+ - soc_timestamp
+ - source.ip
+ - source.port
+ - destination.ip
+ - destination.port
+ - network.transport
+ - network.type
+ - observer.ingress.interface.name
+ - event.action
+ - network.community_id
 ':osquery:':
 - soc_timestamp
 - source.ip
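Review bot: The new `':pfsense:'` column list shows the ingress interface and `event.action` but nothing that identifies which firewall reported the event, so with more than one pfSense device the default view cannot tell them apart during triage. If the pfSense ingest pipeline populates it (not visible in this hunk), consider adding `- observer.name` to the list. The last three fields match the tail of the preceding entry, which suggests the list was copied from it. A one-line comment such as `# pfSense firewall logs: columns mirror the entry above` would help keep the two in step. The enclosing mapping starts before the hunk and the `':osquery:'` entry continues past it.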