Add default description and Zeek log exclusions for Elastic Fleet

salt/zeek/defaults.yaml

@@ -104,3 +104,18 @@ zeek:
     - application/vnd.ms-powerpoint.presentation.macroenabled.12: doc
     - application/vnd.ms-powerpoint.slideshow.macroenabled.12: doc
     - application/vnd.openxmlformats-officedocument: doc
+  logging:
+    excluded:
+      - broker
+      - capture_loss
+      - ecat_arp_info
+      - known_hosts
+      - known_services
+      - loaded_scripts
+      - ntp
+      - packet_filter
+      - reporter
+      - stats
+      - stderr
+      - stdout
+ 

salt/zeek/soc_zeek.yaml

@@ -3,8 +3,9 @@ zeek:
     description: You can enable or disable ZEEK on all sensors or a single sensor.
     helpLink: zeek.html
   logging:
-    enabled:
+    excluded:
-      description: This is a list of Zeek logs that will be shipped through the pipeline. If you remove a log from this list, it will still persist on the sensor.
+      description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, it will be attempt to be ingested. If an ingest node pipeline is not available to process the logs, you may experience errors.
+      forcedType: "[]string"
       helpLink: zeek.html
   config:
     local: