From 6e9e4dc99c07c45dc68c2a434ae91a395f6f96b6 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 28 Sep 2020 14:19:55 -0400
Subject: [PATCH] Hunt third magnifying glass should group output by event.module and event.dataset #1407
---
 salt/soc/files/soc/soc.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 19c628086..f375e5bd1 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -148,6 +148,7 @@
 { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
 ],
 "actions": [
+ { "name": "", "description": "actionHuntHelp", "icon": "fa-search", "link": "/#/hunt?q=\"{value}\" | groupby event.module event.dataset", "target": "" },
 { "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}", "target": "" },
 { "name": "", "description": "actionAlertHelp", "icon": "fa-bell", "link": "/soctopus/thehive/alert/{eventId}", "target": "_blank" },
 { "name": "", "description": "actionGoogleHelp", "icon": "fab fa-google", "link": "https://www.google.com/search?q={value}", "target": "_blank" },
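Review bot: The added `actionHuntHelp` link wraps `{value}` in double quotes inside the hunt query (`q=\"{value}\" | groupby event.module event.dataset`), but nothing in this hunk shows that the substituted value is escaped. Event field values frequently originate in attacker-influenced log data, so a value containing `"` could close the quoted term early and change the query the analyst ends up running, or simply produce a broken link. Please confirm that the client code which expands `{value}` escapes embedded quotes and backslashes and percent-encodes the result before navigating; if it does not, the fix belongs in that expansion code rather than in this template. The literal spaces and `|` in the link also depend on the browser to encode them, which is worth verifying against the `/#/hunt` route.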