mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
update soc defaults.yaml
This commit is contained in:
Doug Burks
@@ -469,6 +469,17 @@ soc:
|
|||||||
- observer.ingress.interface.name
|
- observer.ingress.interface.name
|
||||||
- event.action
|
- event.action
|
||||||
- network.community_id
|
- network.community_id
|
||||||
|
':pfsense:':
|
||||||
|
- soc_timestamp
|
||||||
|
- source.ip
|
||||||
|
- source.port
|
||||||
|
- destination.ip
|
||||||
|
- destination.port
|
||||||
|
- network.transport
|
||||||
|
- network.type
|
||||||
|
- observer.ingress.interface.name
|
||||||
|
- event.action
|
||||||
|
- network.community_id
|
||||||
':osquery:':
|
':osquery:':
|
||||||
- soc_timestamp
|
- soc_timestamp
|
||||||
- source.ip
|
- source.ip
|
||||||
|
|||||||
Reference in New Issue
Block a user