Merge pull request #15492 from Security-Onion-Solutions/mwright/investigate-refactor

Assistant: Investigated Query Toggle Filter

salt/soc/defaults.yaml

@@ -2380,6 +2380,10 @@ soc:
               exclusive: true
               enablesToggles:
                 - acknowledged
+            - name: investigated
+              filter: event.investigated:true
+              enabled: false
+              exclusive: false
           queries:
             - name: 'Group By Name, Module'
               query: '* | groupby rule.name event.module* event.severity_label rule.uuid'