From ea7979cfdde0c20f433361d832eebdd1eed42d1c Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@Defensivedepth.com>
Date: Mon, 19 Sep 2022 15:33:15 -0400
Subject: [PATCH] Add Elastic Agent datastreams to SOC index

---
 salt/soc/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 7c0f78f96..10ef4cb8d 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -64,7 +64,7 @@ soc:
         remoteHostUrls: []
         username:
         password:
-        index: '*:so-*,*:endgame-*'
+        index: '*:so-*,*:endgame-*,.ds-logs*'
         cacheMs: 300000
         verifyCert: false
         casesEnabled: true