diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 0c9d8506e7..17d4464d47 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1222,6 +1222,17 @@ soc:
 - event_data.destination.port
 - event_data.process.executable
 - event_data.process.pid
+ ':sigma:':
+ - soc_timestamp
+ - rule.name
+ - event.severity_label
+ - event_data.event.dataset
+ - event_data.source.ip
+ - event_data.source.port
+ - event_data.destination.host
+ - event_data.destination.port
+ - event_data.process.executable
+ - event_data.process.pid
 server:
 bindAddress: 0.0.0.0:9822
 baseUrl: /
@@ -1915,6 +1926,17 @@ soc:
 - event_data.destination.port
 - event_data.process.executable
 - event_data.process.pid
+ ':sigma:':
+ - soc_timestamp
+ - rule.name
+ - event.severity_label
+ - event_data.event.dataset
+ - event_data.source.ip
+ - event_data.source.port
+ - event_data.destination.host
+ - event_data.destination.port
+ - event_data.process.executable
+ - event_data.process.pid
 ':strelka:':
 - soc_timestamp
 - file.name
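Review bot: The `':sigma:'` field list is added twice as an identical 11-line block, once before `server:` in the first hunk and once before `':strelka:'` in the second, so any later change to one copy (adding or renaming a field) will silently leave the other view showing different columns for the same Sigma events. The surrounding context suggests the file already duplicates the preceding `event_data.*` lists in the same way, so this may be deliberate; if the YAML loader used for this file honours anchors and nothing merges user overrides over these keys, the second copy could become `':sigma:': *sigma_fields` with the first declared as `':sigma:': &sigma_fields`, and otherwise a one-line comment above each copy noting that the two lists must be kept in sync, `# keep in sync with the ':sigma:' list under the other section`, would make the coupling visible to the next editor. The enclosing `soc:` mapping that both hunks sit inside begins outside these hunks.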