Fix dns.query.name

Security-Onion-Solutions · Nov 2, 2023 · 2f4df8c · 2f4df8c
1 parent 824f394
commit 2f4df8c
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/so-soctopus/so-soctopus/playbook/securityonion-baseline.yml b/so-soctopus/so-soctopus/playbook/securityonion-baseline.yml
@@ -232,8 +232,7 @@ fieldmappings:
     username: user.name
     uid: user.uid
     sid: rule.uuid
-    query: query
-    answer: answers
+    query: dns.query.name
     src_ip: destination.ip.keyword
     src_port: source.port
     dst_ip: destination.ip.keyword