Improve Firewall dashboard

2025-12-07 17:52:46 +01:00 · 2022-12-21 15:28:41 -05:00
parent 76a73ea35c
commit b1709f3ea3
1 changed files with 1 additions and 1 deletions
--- a/salt/soc/files/soc/dashboards.queries.json
+++ b/salt/soc/files/soc/dashboards.queries.json
@@ -60,5 +60,5 @@
            { "name": "ICS OPC UA", "description": "OPC UA (Unified Architecture) network metadata", "query": "event.dataset:opcua* | groupby -sankey event.dataset source.ip destination.ip | groupby event.dataset | groupby source.ip | groupby destination.ip | groupby destination.port"},
            { "name": "ICS Profinet", "description": "Profinet (Process Field Network) network metadata", "query": "event.dataset:profinet* | groupby -sankey event.dataset source.ip destination.ip | groupby event.dataset | groupby source.ip | groupby destination.ip | groupby destination.port"},
            { "name": "ICS S7", "description": "S7 (Siemens) network metadata", "query": "event.dataset:s7* | groupby -sankey event.dataset source.ip destination.ip | groupby event.dataset | groupby source.ip | groupby destination.ip | groupby destination.port"},
-            { "name": "Firewall", "description": "Firewall logs", "query": "event.dataset:firewall | groupby rule.action | groupby interface.name | groupby network.transport | groupby source.ip | groupby destination.ip | groupby destination.port"}
+            { "name": "Firewall", "description": "Firewall logs", "query": "event.dataset:firewall | groupby -sankey rule.action interface.name | groupby rule.action | groupby interface.name | groupby network.transport | groupby source.ip | groupby destination.ip | groupby destination.port"}
 ]