From cfbbc3a1a3a8b41c1d86cd5d1a9fbff9efdfc357 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Mon, 28 Nov 2022 10:02:33 -0500
Subject: [PATCH] add S7 dashboard
---
 salt/soc/files/soc/dashboards.queries.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/soc/files/soc/dashboards.queries.json b/salt/soc/files/soc/dashboards.queries.json
index 2e7465ddb..d6673d12f 100644
--- a/salt/soc/files/soc/dashboards.queries.json
+++ b/salt/soc/files/soc/dashboards.queries.json
@@ -57,5 +57,6 @@
 { "name": "ICS - DNP3 Objects", "description": "DNP3 objects", "query": "event.dataset:dnp3_objects | groupby -sankey dnp3.function_code dnp3.object_type | groupby dnp3.function_code | groupby dnp3.object_type | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - OPC UA", "description": "OPC Unified Architecture logs", "query": "event.dataset:opcua* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "ICS - Profinet", "description": "Profinet logs", "query": "event.dataset:profinet* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
+ { "name": "ICS - S7", "description": "S7 logs", "query": "event.dataset:s7* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
 { "name": "Firewall", "description": "Firewall logs", "query": "event.dataset:firewall | groupby rule.action | groupby interface.name | groupby network.transport | groupby source.ip | groupby destination.ip | groupby destination.port"}
 ]
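Review bot: The added `ICS - S7` entry pivots only on `event.dataset` and the network tuple, so the dashboard shows which hosts speak S7 but not which operations they request, unlike the `ICS - DNP3 Objects` entry above it, which groups by `dnp3.function_code`. For ICS monitoring the operation type is usually what separates routine polling from state-changing requests, so consider adding a pivot such as `| groupby <S7_FUNCTION_FIELD>` (placeholder; the parsed field name is not visible in this patch). The prefix match `event.dataset:s7*` also includes any other dataset whose name begins with `s7`; that is presumably intended, given the same pattern in the OPC UA and Profinet entries, but is worth confirming against the datasets actually ingested.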