From c16bf50493f673c50695dc1168fb4501e8a3504f Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 7 Oct 2025 14:20:25 -0400
Subject: [PATCH] Update files
---
salt/zeek/policy/custom/filters/files | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/salt/zeek/policy/custom/filters/files b/salt/zeek/policy/custom/filters/files
index 867e2c849..311f37cc2 100644
--- a/salt/zeek/policy/custom/filters/files
+++ b/salt/zeek/policy/custom/filters/files
@@ -1 +1,13 @@
-# Placeholder
\ No newline at end of file
+hook Files::log_policy(rec: Files::Info, id: Log::ID, filter: Log::Filter)
+ {
+ # Turn off a specific mimetype
+ if (rec?$mime_type && ( /soap+xml/ | /json/ | /xml/ | /x509/ )in rec$mime_type)
+ break;
+ }
+
+event zeek_init()
+{
+ Log::remove_default_filter(Files::LOG);
+ local filter: Log::Filter = [$name="files-filter"];
+ Log::add_filter(Files::LOG, filter);
+}
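Review bot: The `in` test on the `if` line is an unanchored substring match, so `/xml/` suppresses every MIME type whose name contains "xml" — not only `application/xml` but also, for example, `image/svg+xml` and the `application/vnd.openxmlformats-officedocument.*` Office types — and those files silently drop out of files.log, which is a visibility loss for document-borne threats. The `+` in `/soap+xml/` is also a regex quantifier, so that alternative never matches the literal `soap+xml`; it only appears to work because `/xml/` catches the same string. If the intent is to drop just the SOAP, JSON, XML and certificate types, an exact match is safer, e.g. `if (rec?$mime_type && /application\/(soap\+xml|json|xml)/ == rec$mime_type)`, with the x509 types spelled out the same way. The comment `# Turn off a specific mimetype` should also name the exact types being dropped and why, so an analyst who finds a file missing from the log can trace it back to this hook.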