# SOC Production Sample Logs

These files provide realistic sample events aligned with current production-focused Wazuh rules (`110xxx`):

- `appendix-a-production-samples.log`
- `appendix-b-production-samples.log`
- `appendix-c-production-samples.log`

Notes:

- FortiGate and VMware lines are raw/syslog-style key-value examples.
- Windows samples are in compact JSON using Wazuh-decoded field names (`win.system.eventID`, `win.eventdata.*`) so rule intent is explicit.
- SOC Integrator correlation examples use `soc_event=...` payloads consumed by custom decoders (`soc-prod-dns`, `soc-prod-integrator`).

These are reference samples for testing and documentation, not exact byte-for-byte exports from a single environment.