diff --git a/pillar/elasticsearch/eval.sls b/pillar/elasticsearch/eval.sls
index 84ff89a23..67bc17f29 100644
--- a/pillar/elasticsearch/eval.sls
+++ b/pillar/elasticsearch/eval.sls
@@ -1,6 +1,7 @@
 elasticsearch:
 templates:
 - so/so-beats-template.json.jinja
+ - so/so-case-template.json.jinja
 - so/so-common-template.json.jinja
 - so/so-firewall-template.json.jinja
 - so/so-flow-template.json.jinja
diff --git a/salt/soc/files/soc/cases.queries.json b/salt/soc/files/soc/cases.queries.json
index 6d49a89e1..b7d70d25b 100644
--- a/salt/soc/files/soc/cases.queries.json
+++ b/salt/soc/files/soc/cases.queries.json
@@ -1,5 +1,5 @@
 [
- { "name": "Open Cases", "query": "!case.status:Closed AND !case.category:Template" },
- { "name": "Closed Cases", "query": "case.status:Closed AND !case.category:Template" },
+ { "name": "Open Cases", "query": "NOT case.status:Closed AND NOT case.category:Template" },
+ { "name": "Closed Cases", "query": "case.status:Closed AND NOT case.category:Template" },
 { "name": "Templates", "query": "case.category:Template" }
 ]
\ No newline at end of file
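Review bot: The new `so/so-case-template.json.jinja` entry is only added to the `eval` pillar's `elasticsearch.templates` list, and nothing in this hunk shows the sibling deployment-mode pillars under `pillar/elasticsearch/` receiving the same entry; if they carry their own `templates` lists, the case index on those nodes would be created without this mapping and `case.status` / `case.category` would fall back to dynamic mapping. That matters because the queries changed in the companion `cases.queries.json` hunk rely on exact term matches (`case.status:Closed`), which behave differently on a dynamically mapped text field than on a keyword field. Please confirm the other pillars were updated in the same change or explain why eval is the only mode that needs it, e.g. with a comment above the list: `# so-case-template must be listed in every deployment-mode pillar that creates the case index`.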
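Review bot: The rewritten "Open Cases" query, `NOT case.status:Closed AND NOT case.category:Template`, also matches documents that have no `case.status` field at all, so a malformed or partially indexed case document is reported as open rather than surfaced as an error; the old `!` form had the same gap, but since the query is being rewritten anyway this is the moment to close it. Assuming these strings are passed to Elasticsearch as query_string expressions (the syntax switch from `!` to `NOT` suggests that, but the consumer is not visible here), an existence guard is a one-line change: `"query": "case.status:* AND NOT case.status:Closed AND NOT case.category:Template"`. Whether `case.status:Closed` is an exact, case-sensitive match also depends on that field being mapped as `keyword` by the case template; if it is analyzed text, `closed` and `Closed` both match, so please verify the mapping in the referenced template. The file also still ends without a trailing newline, which is harmless to the parser but worth fixing while touching it.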