diff --git a/splunk_alert.md b/splunk_alert.md index b387dbf..ab3f70c 100644 --- a/splunk_alert.md +++ b/splunk_alert.md @@ -38,3 +38,10 @@ priority="" - jarvis_index: index=jarvis - indextime: _index_earliest=-15m@m AND _index_latest=now + + + +## Network Whitelist +``` +table _time indextime event_description host_fqdn user_name process_path process_id process_parent_id process_command_line process_guid src_ip dst_ip dst_port src_host_name dst_host_name mitre_category mitre_technique mitre_technique_id hunting_trigger +``` \ No newline at end of file
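Review bot: The new "## Network Whitelist" section contains only a `table` field projection (`table _time indextime event_description host_fqdn ... hunting_trigger`) and no filtering, so as written it does not whitelist anything; a reader of splunk_alert.md cannot tell which hosts, IPs or ports are meant to be excluded, or from which alert. Add a sentence above the fence stating what the whitelist covers and where the exclusion is applied, and put the actual exclusion logic (a `NOT (...)` clause or a lookup-based filter) in the block, with the `table` line kept only as the output format if that is its purpose. Two smaller points: the hunk adds three blank lines before the heading where one would do, and the file loses its trailing newline ("\ No newline at end of file"), which will show up as noise in every later diff.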