From b2b54ccf60724a3ed9ac591c638dd7902fdb17f7 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Tue, 2 Apr 2024 10:11:16 -0400
Subject: [PATCH] FEATURE: Add Events table columns for event.module strelka #12716
---
 salt/soc/defaults.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index a78ea88e14..db98b6b2ff 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1893,7 +1893,16 @@ soc:
 - event_data.destination.host
 - event_data.destination.port
 - event_data.process.executable
- - event_data.process.pid
+ - event_data.process.pid
+ ':strelka:':
+ - soc_timestamp
+ - file.name
+ - file.size
+ - hash.md5
+ - file.source
+ - file.mime_type
+ - log.id.fuid
+ - event.dataset
 queryBaseFilter: tags:alert
 queryToggleFilters:
 - name: acknowledged
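Review bot: The new `':strelka:'` column list identifies scanned files only by `hash.md5`, which is weak for pivoting to threat intelligence or correlating the same file across hosts; if the strelka ingest pipeline populates it (not visible from this hunk), adding `- hash.sha256` directly after `- hash.md5` would give analysts a collision-resistant identifier in the default Events view. The per-module mapping these column lists belong to starts above the hunk, so whether sibling module keys use the same quoted `':module:'` form cannot be checked here; since the key is presumably matched against `event.module`, it should follow whatever form the neighbouring entries use. Note also that `- event_data.process.pid` is removed and re-added with identical visible text, which suggests a whitespace or line-ending difference on that line worth confirming before merge.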