diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 341bee64a3..7573854c64 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -65,6 +65,12 @@ soc:
 target: _blank
 links:
 - 'https://{:sublime.url}/messages/{:sublime.message_group_id}'
+ - name: actionProcessAncestors
+ description: actionProcessAncestorsHelp
+ icon: fa-people-roof
+ target: ''
+ links:
+ - '/#/hunt?q=(process.entity_id:"{:process.entity_id}" OR process.entity_id:"{:process.Ext.ancestry|processAncestors}") | groupby process.parent.name | groupby -sankey process.parent.name process.name | groupby process.name | groupby event.module event.dataset | table soc_timestamp event.dataset user.name process.executable process.command_line process.working_directory'
 eventFields:
 default:
 - soc_timestamp
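Review bot: The added hunt link places `{:process.entity_id}` and `{:process.Ext.ancestry|processAncestors}` inside double-quoted query terms, and nothing in the hunk shows that the `{:...}` expansion escapes a `"` or `)` that happens to occur in the event field, so an unusual field value could change the structure of the hunt query rather than only the searched term; it is worth confirming that the substitution (or the `processAncestors` formatter) escapes or URL-encodes the value before this ships. `target: ''` also differs from the sibling action's `target: _blank` on the context line above; if opening in the current tab is intended, a one-line comment such as `# empty target: open the hunt in the current tab instead of a new one` would document the choice. As a point of style, the very long `links` entry would read better as a `>-` folded block scalar broken at the `|` pipes, which yields the identical single-line string. The enclosing `soc:` actions list starts outside this hunk.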