From f8108e93d5a9a99c16c471d9132d1a225a9f4f2c Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@securityonionsolutions.com>
Date: Mon, 14 Jul 2025 12:04:46 -0400
Subject: [PATCH] FEATURE: Add SOC default fields for iptables logs #14836

---
 salt/soc/defaults.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index cb12671f8..35eb22ab0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1336,6 +1336,13 @@ soc:
         - soc.fields.statusCode
         - event.action
         - soc.fields.error
+      ':iptables:':
+        - soc_timestamp
+        - source.ip
+        - source.port
+        - destination.ip
+        - destination.port
+        - message
     server:
       bindAddress: 0.0.0.0:9822
       baseUrl: /