From cf7d8076e9d1f6ae8e5909142031502d48baf861 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Sat, 10 Dec 2022 14:21:58 -0500
Subject: [PATCH] remove old Wazuh Hunt queries in defaults.yaml

---
salt/soc/defaults.yaml | 16 ----------------
1 file changed, 16 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 1e87d8be4..cc98bb4f9 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1137,22 +1137,6 @@ soc:
description: Show all Osquery Live Query results
query: 'event.dataset: osquery_manager.result | groupby action_data.id action_data.query | groupby host.hostname'
showSubtitle: true
- - name: Wazuh/OSSEC Alerts
- description: Show all Wazuh alerts at Level 5 or higher grouped by category
- query: 'event.module:ossec AND event.dataset:alert AND rule.level:>4 | groupby rule.category rule.name'
- showSubtitle: true
- - name: Wazuh/OSSEC Alerts
- description: Show all Wazuh alerts at Level 4 or lower grouped by category
- query: 'event.module:ossec AND event.dataset:alert AND rule.level:<5 | groupby rule.category rule.name'
- showSubtitle: true
- - name: Wazuh/OSSEC Users and Commands
- description: Show all Wazuh alerts grouped by username and command line
- query: 'event.module:ossec AND event.dataset:alert | groupby user.escalated.keyword process.command_line'
- showSubtitle: true
- - name: Wazuh/OSSEC Processes
- description: Show all Wazuh alerts grouped by process name
- query: 'event.module:ossec AND event.dataset:alert | groupby process.name'
- showSubtitle: true
- name: Sysmon Events
description: Show all Sysmon logs grouped by event type
query: 'event.module:sysmon | groupby event.dataset'