From 268253ce14b6d7eff880770ae52a3327cb093e04 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 28 Nov 2022 12:05:35 -0500
Subject: [PATCH] update ENIP dashboard
---
 salt/soc/files/soc/dashboards.queries.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/soc/files/soc/dashboards.queries.json b/salt/soc/files/soc/dashboards.queries.json
index de7139875..65ed446d3 100644
--- a/salt/soc/files/soc/dashboards.queries.json
+++ b/salt/soc/files/soc/dashboards.queries.json
@@ -54,7 +54,7 @@
 { "name": "ICS CIP", "description": "Common Industrial Protocol logs", "query": "event.dataset:cip* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS DNP3", "description": "DNP3 logs", "query": "event.dataset:dnp3* | groupby -sankey event.dataset source.ip destination.ip | groupby dnp3.function_code | groupby dnp3.object_type | groupby dnp3.fc_request | groupby dnp3.fc_reply | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS ECAT", "description": "ECAT logs", "query": "event.dataset:ecat* | groupby -sankey event.dataset source.mac destination.mac | groupby source.mac | groupby destination.mac | groupby ecat.command | groupby ecat.register.type"},
- { "name": "ICS ENIP", "description": "ENIP logs", "query": "event.dataset:enip* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
+ { "name": "ICS ENIP", "description": "ENIP logs", "query": "event.dataset:enip* | groupby -sankey source.ip destination.ip | groupby enip.command | groupby enip.status_code | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS Modbus", "description": "Modbus logs", "query": "event.dataset:modbus* | groupby -sankey event.dataset modbus.function | groupby event.dataset | groupby modbus.function | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS OPC UA", "description": "OPC Unified Architecture logs", "query": "event.dataset:opcua* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS Profinet", "description": "Profinet logs", "query": "event.dataset:profinet* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
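Review bot: The rewritten ENIP query is now the only ICS entry whose sankey omits event.dataset (`groupby -sankey source.ip destination.ip`), while the CIP, DNP3, ECAT, OPC UA and Profinet entries around it all use `groupby -sankey event.dataset source.ip destination.ip`; since the filter is the wildcard `event.dataset:enip*`, dropping the dataset from the sankey hides which enip sub-log a flow came from if more than one dataset matches. If the omission is deliberate it deserves a short note in the commit description, otherwise restoring `event.dataset` as the first sankey column keeps the dashboards uniform. The two new groupbys, `enip.command` and `enip.status_code`, should also be confirmed against the field names actually indexed for the enip dataset, since a groupby on a field that is never populated renders an empty panel without any error. The other seven entries in the hunk are unchanged context.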