From bd11d59c15fb711332ab0c67423e217f2b4b1b70 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Fri, 24 May 2024 08:38:12 -0400
Subject: [PATCH] add event.dataset since there are other datasets in soc logs

---
 salt/soc/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 39960d946..9f5faf50b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1273,6 +1273,7 @@ soc:
         - observer.ip
       ':soc:':
         - soc_timestamp
+        - event.dataset
         - source.ip
         - soc.fields.requestMethod
         - soc.fields.requestPath