From 194e4119f07e3c20fce001eab5f3f53c35b56f18 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 27 Dec 2021 20:36:28 -0500
Subject: [PATCH] Correct missing json vars
---
 salt/soc/files/soc/cases.queries.json | 4 ++--
 salt/soc/files/soc/soc.json | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/salt/soc/files/soc/cases.queries.json b/salt/soc/files/soc/cases.queries.json
index ecc40fd76..6d49a89e1 100644
--- a/salt/soc/files/soc/cases.queries.json
+++ b/salt/soc/files/soc/cases.queries.json
@@ -1,5 +1,5 @@
 [
- { "name": "Open Cases", "query": "!case.status:Closed" },
- { "name": "Closed Cases", "query": "case.status:Closed" },
+ { "name": "Open Cases", "query": "!case.status:Closed AND !case.category:Template" },
+ { "name": "Closed Cases", "query": "case.status:Closed AND !case.category:Template" },
 { "name": "Templates", "query": "case.category:Template" }
 ]
\ No newline at end of file
diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index 76f78bf2c..d35735f02 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -16,6 +16,8 @@
 {%- import_json "soc/files/soc/alerts.eventfields.json" as alerts_eventfields %}
 {%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %}
 {%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %}
+{%- import_json "soc/files/soc/cases.queries.json" as cases_queries %}
+{%- import_json "soc/files/soc/cases.eventfields.json" as cases_eventfields %}
 {%- import_json "soc/files/soc/menu.actions.json" as menu_actions %}
 {%- import_json "soc/files/soc/tools.json" as tools %}
 {%- import_json "soc/files/soc/presets.artifacttype.json" as presets_artifacttype %}
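Review bot: The new `AND !case.category:Template` clause in the "Open Cases" and "Closed Cases" queries of cases.queries.json means a case whose category is `Template` is absent from both working views and reachable only through the "Templates" query, and nothing in the commit records that. The subject line, "Correct missing json vars", describes only the soc.json imports, so this change to what analysts see in their queue is easy to miss in history. I would state it in the commit body or the cases documentation, for example `Open/Closed views now exclude case.category:Template; a live case given that category leaves both lists`. How the query language evaluates `!case.category:Template` for a case with no category field is not visible here and is worth confirming.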
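Review bot: The added import of `soc/files/soc/cases.eventfields.json` in soc.json refers to a file this commit does not touch, since the diffstat lists only cases.queries.json and soc.json. If that file is not already present under salt/soc/files/soc/ from an earlier commit, rendering soc.json would presumably fail at the `import_json` line, so its presence on this branch should be confirmed before merge. The places where `cases_queries` and `cases_eventfields` are consumed lie outside this hunk, so whether both names are now defined everywhere they are used cannot be checked from here.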