From 63915b0486cb6cb1cde012c36c54d06925e02e81 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 28 Nov 2022 11:58:48 -0500
Subject: [PATCH] consolidate DNP3 dashboards
---
 salt/soc/files/soc/dashboards.queries.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/salt/soc/files/soc/dashboards.queries.json b/salt/soc/files/soc/dashboards.queries.json
index 5542d0645..dc6ce5141 100644
--- a/salt/soc/files/soc/dashboards.queries.json
+++ b/salt/soc/files/soc/dashboards.queries.json
@@ -52,8 +52,7 @@
 { "name": "ICS - BACnet", "description": "BACnet logs", "query": "event.dataset:bacnet* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - BSAP", "description": "Bristol Standard Asynchronous Protocol logs", "query": "event.dataset:bsap* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - CIP", "description": "Common Industrial Protocol logs", "query": "event.dataset:cip* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
- { "name": "ICS - DNP3", "description": "DNP3 logs", "query": "event.dataset:dnp3 | groupby -sankey dnp3.fc_request source.ip destination.ip | groupby dnp3.fc_request | groupby dnp3.fc_reply | groupby dnp3.iin | groupby source.ip | groupby destination.ip | groupby destination.port"},
- { "name": "ICS - DNP3 Objects", "description": "DNP3 objects", "query": "event.dataset:dnp3_objects | groupby -sankey dnp3.function_code dnp3.object_type | groupby dnp3.function_code | groupby dnp3.object_type | groupby source.ip | groupby destination.ip | groupby destination.port"},
+ { "name": "ICS - DNP3", "description": "DNP3 logs", "query": "event.dataset:dnp3* | groupby -sankey event.dataset source.ip destination.ip | groupby dnp3.function_code | groupby dnp3.object_type | groupby dnp3.fc_request | groupby dnp3.fc_reply | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - ECAT", "description": "ECAT logs", "query": "event.dataset:ecat* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - ENIP", "description": "ENIP logs", "query": "event.dataset:enip* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - Modbus", "description": "Modbus logs", "query": "event.dataset:modbus* | groupby -sankey event.dataset modbus.function | groupby event.dataset | groupby modbus.function | groupby source.ip | groupby destination.ip | groupby destination.port"},
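Review bot: The consolidated `ICS - DNP3` query no longer contains the `groupby dnp3.iin` panel that the removed DNP3 entry had, so analysts lose the at-a-glance view of internal-indication values (the field where outstations report conditions such as a device restart or an unsupported function code). If that was not intentional, append `| groupby dnp3.iin` after `| groupby dnp3.fc_reply`. Because `event.dataset:dnp3*` now mixes records from more than one dataset and the sankey no longer breaks traffic down by function code, a `| groupby event.dataset` table (as the Modbus entry has) would also help the reader tell which dataset each function-code or object-type count comes from. The description `"DNP3 logs"` could mention that object records are now included.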