add S7 dashboard

2025-12-06 17:22:49 +01:00 · 2022-11-28 10:02:33 -05:00
parent 11a7f051a6
commit cfbbc3a1a3
1 changed files with 1 additions and 0 deletions
--- a/salt/soc/files/soc/dashboards.queries.json
+++ b/salt/soc/files/soc/dashboards.queries.json
@@ -57,5 +57,6 @@
            { "name": "ICS - DNP3 Objects", "description": "DNP3 objects", "query": "event.dataset:dnp3_objects | groupby -sankey dnp3.function_code dnp3.object_type | groupby dnp3.function_code | groupby dnp3.object_type | groupby source.ip | groupby destination.ip | groupby destination.port"},
            { "name": "ICS - OPC UA", "description": "OPC Unified Architecture logs", "query": "event.dataset:opcua* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
            { "name": "ICS - Profinet", "description": "Profinet logs", "query": "event.dataset:profinet* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
+            { "name": "ICS - S7", "description": "S7 logs", "query": "event.dataset:s7* | groupby -sankey event.dataset source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port"},
            { "name": "Firewall", "description": "Firewall logs", "query": "event.dataset:firewall | groupby rule.action | groupby interface.name | groupby network.transport | groupby source.ip | groupby destination.ip | groupby destination.port"}
 ]