From fb02d0d35c10327ad51c3c9574499f3843a26184 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 29 Dec 2021 11:07:36 -0500
Subject: [PATCH 1/2] clarify case filters
---
 salt/soc/files/soc/cases.queries.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/soc/files/soc/cases.queries.json b/salt/soc/files/soc/cases.queries.json
index 6d49a89e1..b7d70d25b 100644
--- a/salt/soc/files/soc/cases.queries.json
+++ b/salt/soc/files/soc/cases.queries.json
@@ -1,5 +1,5 @@
 [
- { "name": "Open Cases", "query": "!case.status:Closed AND !case.category:Template" },
- { "name": "Closed Cases", "query": "case.status:Closed AND !case.category:Template" },
+ { "name": "Open Cases", "query": "NOT case.status:Closed AND NOT case.category:Template" },
+ { "name": "Closed Cases", "query": "case.status:Closed AND NOT case.category:Template" },
 { "name": "Templates", "query": "case.category:Template" }
 ]
\ No newline at end of file
From 1d885a5419115cbfff1f86cc4906e722b9838ce5 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 29 Dec 2021 11:38:38 -0500
Subject: [PATCH 2/2] Add case template to eval installs
---
 pillar/elasticsearch/eval.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pillar/elasticsearch/eval.sls b/pillar/elasticsearch/eval.sls
index 84ff89a23..67bc17f29 100644
--- a/pillar/elasticsearch/eval.sls
+++ b/pillar/elasticsearch/eval.sls
@@ -1,6 +1,7 @@
 elasticsearch:
 templates:
 - so/so-beats-template.json.jinja
+ - so/so-case-template.json.jinja
 - so/so-common-template.json.jinja
 - so/so-firewall-template.json.jinja
 - so/so-flow-template.json.jinja
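Review bot: The switch from the `!` prefix to `NOT` in the "Open Cases" and "Closed Cases" entries of cases.queries.json is described only as "clarify", so a reader cannot tell whether the old form was parsed differently or merely read less clearly. These saved queries decide which cases analysts see by default, and JSON leaves no room for a comment, so the commit body is the place to record it, for example `No change in results: NOT is equivalent to the ! prefix here.` if that is indeed the case. The file also still ends without a trailing newline, which could be fixed while these lines are being touched.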
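Review bot: Adding `so/so-case-template.json.jinja` to the eval list in pillar/elasticsearch/eval.sls does not repair an eval install whose case index already exists, because an Elasticsearch index template is applied only when an index is created. On such a node the fields would keep their dynamically inferred mappings, so exact-match filters on `case.status` and `case.category` could return different results than on a fresh install. Whether an upgrade or reindex step covers this is not visible in the patch. If the same template list is repeated in the other install-type pillars (an assumption, since only eval.sls is shown), a comment above the list such as `# keep in sync with the other install-type pillars` would help prevent the drift this commit appears to correct.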