From 30afc88322fb2148214ea496a4e294764b0185e1 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 19 Sep 2022 15:51:29 -0400
Subject: [PATCH] fix some soc defaults

---
 salt/soc/defaults.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 31a35a618..e25a25b5f 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -649,7 +649,7 @@ soc:
         queryBaseFilter:
         queryToggleFilters:
           - name: caseExcludeToggle
-            filter: NOT _index:\"*:so-case*\"
+            filter: 'NOT _index:"*:so-case*"'
             enabled: true
         queries:
           - name: Default Query
@@ -1365,7 +1365,7 @@ soc:
             - source.ip
         queryBaseFilter:
         queryToggleFilters:
-          - name: caseExcludeToggle,
+          - name: caseExcludeToggle
             filter: 'NOT _index:"*:so-case*"'
             enabled: true
         queries:
@@ -1591,7 +1591,7 @@ soc:
             - so_case.severity
             - so_case.assigneeId
             - so_case.createTime
-        queryBaseFilter: '_index:\"*:so-case\" AND so_kind:case'
+        queryBaseFilter: '_index:"*:so-case" AND so_kind:case'
         queryToggleFilters: []
         queries:
           - name: Open Cases