From d7b2c88201fa838ab8baae0ff2a8c27b0e9a72f2 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Wed, 21 Dec 2022 15:24:58 -0500
Subject: [PATCH] Improve Software dashboard
---
 salt/soc/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index ec1e07425..d19041503 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1482,7 +1482,7 @@ soc:
 query: 'event.dataset:snmp | groupby snmp.community | groupby snmp.version | groupby -sankey source.ip destination.ip | groupby source.ip | groupby destination.ip | groupby destination.port'
 - name: Software
 description: Software seen by Zeek via network traffic
- query: 'event.dataset:software | groupby software.type | groupby software.name | groupby source.ip'
+ query: 'event.dataset:software | groupby -sankey software.type source.ip | groupby software.type | groupby software.name | groupby source.ip'
 - name: SSH
 description: SSH (Secure Shell) connections seen by Zeek
 query: 'event.dataset:ssh | groupby ssh.client | groupby ssh.server | groupby -sankey source.ip destination.ip | groupby ssh.direction | groupby ssh.version | groupby ssh.hassh_version | groupby source.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name'
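Review bot: The new `groupby -sankey software.type source.ip` segment is placed first in the Software query, whereas the neighbouring SNMP and SSH entries in this hunk put their `-sankey` segment after the protocol-specific groupbys. If segment order drives panel order on the dashboard (not confirmable from this hunk), Software will lay out differently from its siblings. Either move the segment to follow `groupby software.name`, or, if leading with the sankey is deliberate, record that in a short comment above the entry such as `# sankey first: type-to-host view is the primary pivot for this dashboard`. The sankey also pairs `software.type` with `source.ip` only, so analysts still need the `software.name` table to identify the specific product on a host.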