diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 857f245d1..cec11273b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1020,6 +1020,9 @@ soc:
 cacheMs: 300000
 verifyCert: false
 casesEnabled: true
+extractCommonObservables:
+- source.ip
+- destination.ip
 timeoutMs: 300000
 timeShiftMs: 120000
 defaultDurationMs: 1800000
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 7d96ca46b..e6b43cf0b 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -69,6 +69,9 @@ soc:
 description: Set to true if the SOC case management module, natively integrated with Elasticsearch, should be enabled.
 global: True
 advanced: True
+extractCommonObservables:
+description: List of indexed fields to automatically extract into a case observable, when attaching related events to a case.
+global: True
 timeShiftMs:
 description: Duration (in milliseconds) to further expand the PCAP time range when querying PCAP data related to an event. This duration is added to the normal duration value (see defaultDurationMs).
 global: True
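Review bot: The new default list under `extractCommonObservables` in defaults.yaml carries no comment, so a reader of this file cannot tell why `source.ip` and `destination.ip` were chosen or how an empty list is treated; the companion entry in soc_soc.yaml describes the setting but not its default. I would add above the key `# Indexed field names whose values become case observables when related events are attached to a case; see soc_soc.yaml for the full description.` Whether an empty list disables extraction is not visible in this hunk and is worth stating wherever the consumer's behaviour is known. The enclosing `soc:` mapping starts and ends outside the hunk.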
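Review bot: The description added for `extractCommonObservables` in soc_soc.yaml does not state the expected field-name format or the shipped default (`source.ip`, `destination.ip` in defaults.yaml), which an operator editing this setting needs; I would reword it to `description: List of indexed field names (e.g. source.ip, destination.ip) whose values are automatically extracted into case observables when related events are attached to a case.` Unlike the adjacent `casesEnabled` entry, no `advanced:` key is given; if omission means the setting is presented as non-advanced that looks deliberate, but it is worth confirming. Since the extracted values come straight from indexed event data, the description could also note that fields beyond structured ones such as IP addresses will carry whatever the events contain, so the list is best kept to well-typed fields.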