From b8baca417bc6a50a5149b1f538dba6e9eb26ffb4 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 23 Feb 2024 14:03:04 -0500
Subject: [PATCH] add endpoint_x_events_x_process to defaults.yaml
---
 salt/soc/defaults.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 2c15fe996..d672d1dad 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -995,6 +995,14 @@ soc:
 - tds.header_type
 - log.id.uid
 - event.dataset
+ ':endpoint:endpoint_x_events_x_process':
+ - soc_timestamp
+ - event.dataset
+ - host.name
+ - user.name
+ - process.parent.name
+ - process.name
+ - process.working_directory
 server:
 bindAddress: 0.0.0.0:9822
 baseUrl: /
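Review bot: The added column list for `':endpoint:endpoint_x_events_x_process'` shows `process.name` and `process.parent.name` but no command line, so two runs of the same binary with different arguments look identical in the default view and the analyst has to expand each event to triage it. If the endpoint process dataset populates the ECS field, consider adding `- process.command_line` (and possibly `- process.executable`) after `- process.name`; I cannot see from this hunk whether those fields are mapped for this dataset. The enclosing `soc:` mapping starts and continues outside the hunk.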