From fc51c2aef473dc857ef245d1e4a66c50cbf50dec Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Sat, 19 Sep 2020 08:39:01 -0400
Subject: [PATCH] Group by community ID on second alert quick query
---
 salt/soc/files/soc/soc.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 7ded8ab50..ffba0091d 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -172,7 +172,7 @@
 "querySuffix": "",
 "queries": [
 { "name": "Group By Name", "query": "* | groupby rule.name event.severity_label" },
- { "name": "Group By Sensor, Source IP/Port, Destination IP/Port, Name", "query": "* | groupby observer.name source.ip source.port destination.ip destination.port rule.name event.severity_label" },
+ { "name": "Group By Sensor, Source IP/Port, Destination IP/Port, Name", "query": "* | groupby observer.name source.ip source.port destination.ip destination.port rule.name network.community_id event.severity_label" },
 { "name": "Group By Source IP, Name", "query": "* | groupby source.ip rule.name event.severity_label" },
 { "name": "Group By Source Port, Name", "query": "* | groupby source.port rule.name event.severity_label" },
 { "name": "Group By Destination IP, Name", "query": "* | groupby destination.ip rule.name event.severity_label" },
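Review bot: The added `network.community_id` field on the "+" line is not reflected in the query's `name`, so the quick-query label shown to the analyst no longer describes the columns it groups by; every other entry in this list names each grouped field, so keep that convention with `"name": "Group By Sensor, Source IP/Port, Destination IP/Port, Name, Community ID"`. Adding one more grouped field also narrows the buckets: alerts that carry the 5-tuple but no `network.community_id` (host-based or non-flow alerts, if any are indexed here) may be bucketed under a missing value or dropped from the result, depending on how the backend's `groupby` treats absent fields, which is worth confirming before relying on this view for triage. A short in-file note is not possible in strict JSON, so the commit message would be the place to record that expectation.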