From af6245f19dc64b13ca5be0be52747546e9aa770a Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Mon, 17 Mar 2025 14:30:17 -0500
Subject: [PATCH] add zeek file_extraction forcedType for instances where a single line is speciifed
---
 salt/zeek/soc_zeek.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index f5f718114..b3b655083 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -63,4 +63,5 @@ zeek:
 duplicates: True
 file_extraction:
 description: Contains a list of file or MIME types Zeek will extract from the network streams. Values must adhere to the following format - {"MIME_TYPE":"FILE_EXTENSION"}
+ forcedType: "[]{}"
 helpLink: zeek.html
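Review bot: The added `forcedType: "[]{}"` under `file_extraction` pins how the value is typed, but nothing visible in this hunk checks that each entry really is a single `{"MIME_TYPE":"FILE_EXTENSION"}` pair as the description requires. A malformed entry would presumably still be accepted, and because this setting decides which file types Zeek extracts for analysis, a silently ignored entry would be a coverage gap that is hard to notice. If the annotation schema allows it for this type, consider adding a validation pattern and failure message next to `forcedType`. At minimum, add a comment above the new line, such as `# "[]{}" = list of maps; keeps a single-line value from being read as a plain string`. The `file_extraction` block may continue past the end of the hunk, so such a check could already exist further down.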