diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index bbe9558e9..fb25a9c09 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -2380,6 +2380,10 @@ soc:
 exclusive: true
 enablesToggles:
 - acknowledged
+ - name: investigated
+ filter: event.investigated:true
+ enabled: false
+ exclusive: false
 queries:
 - name: 'Group By Name, Module'
 query: '* | groupby rule.name event.module* event.severity_label rule.uuid'
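Review bot: The added `investigated` entry is the only toggle visible here with `exclusive: false` and no `enablesToggles`, and nothing in the hunk records why it differs from the entry just above it (`exclusive: true`, `enablesToggles: - acknowledged`). A one-line comment above it, such as `# non-exclusive: filters to investigated events only while switched on`, would capture the intent for whoever tunes the triage view later; that wording assumes how the consumer treats a non-exclusive toggle, so confirm it against the SOC client first. The filter value is also a plain scalar containing a colon; writing it as `filter: 'event.investigated:true'` would match the quoted `query` strings below and avoid relying on plain-scalar parsing rules. The enclosing options list starts outside the hunk, so the other entries' filters could not be compared.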