diff --git a/salt/elasticsearch/templates/so/so-case-template.json.jinja b/salt/elasticsearch/templates/so/so-case-template.json.jinja
index e85367113..d05cc9852 100644
--- a/salt/elasticsearch/templates/so/so-case-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-case-template.json.jinja
@@ -244,6 +244,26 @@
 "message": {
 "type": "text"
 },
+ "scan":{
+ "type":"object",
+ "dynamic": true,
+ "properties":{
+ "exiftool":{
+ "type":"text"
+ },
+ "pe":{
+ "properties":{
+ "sections":{
+ "properties":{
+ "entropy":{
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
 "tags": {
 "type": "keyword",
 "ignore_above": 1024
diff --git a/salt/elasticsearch/templates/so/so-common-template.json.jinja b/salt/elasticsearch/templates/so/so-common-template.json.jinja
index b61f3764d..b5f196243 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja
@@ -734,7 +734,18 @@
 "properties":{
 "exiftool":{
 "type":"text"
- }
+ },
+ "pe":{
+ "properties":{
+ "sections":{
+ "properties":{
+ "entropy":{
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
 }
 },
 "server":{
diff --git a/salt/soc/files/soc/cases.queries.json b/salt/soc/files/soc/cases.queries.json
index a3021ad0b..e08ca51ac 100644
--- a/salt/soc/files/soc/cases.queries.json
+++ b/salt/soc/files/soc/cases.queries.json
@@ -1,5 +1,7 @@
 [
 { "name": "Open Cases", "query": "NOT case.status:closed AND NOT case.category:template" },
 { "name": "Closed Cases", "query": "case.status:closed AND NOT case.category:template" },
+ { "name": "My Open Cases", "query": "NOT case.status:closed AND NOT case.category:template AND case.assigneeId:{myId}" },
+ { "name": "My Closed Cases", "query": "case.status:closed AND NOT case.category:template AND case.assigneeId:{myId}" },
 { "name": "Templates", "query": "case.category:template" }
 ]
\ No newline at end of file
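Review bot: `"dynamic": true` on the new `scan` object lets every key a scan tool emits for an analyzed file become a mapped field, so the index's field set is driven by the content of the files being scanned rather than by this template; that invites growth toward `index.mapping.total_fields.limit` and type clashes when a later document carries a different value type for an already-mapped key, both of which surface as indexing failures for the case. If only the listed sub-fields need to be queryable, `"dynamic": false` on `scan` (or `"strict"` with the properties enumerated) keeps the mapping bounded while the raw tool output stays in `_source`. The second hunk adds the same `pe.sections.entropy` mapping to the common template, but that `scan` object's own `dynamic` setting is outside the hunk, so the two templates may behave differently for unlisted keys — worth checking. If `sections` holds one object per PE section, the plain object mapping flattens them and an `entropy` value can no longer be tied to its section; `"type": "nested"` would be needed if that correlation matters for queries. The added lines also use `"scan":{` where the surrounding lines of this template use `"message": {`, so the spacing style diverges within the file.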
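Review bot: The `{myId}` token in the two new queries is a placeholder that some consumer substitutes before the query runs, but nothing in this file says what replaces it or when; a one-line entry in the accompanying documentation such as "`{myId}` is replaced with the signed-in user's id before the query is executed" would keep the next editor from reading it as a literal value. If that substitution is a plain string replacement, the inserted id needs to contain no unescaped Lucene query syntax, since a value with spaces or operators would change the meaning of the surrounding `AND` clauses; user ids are presumably opaque identifiers here, but that is worth confirming against the substituting code. The file also still ends without a trailing newline (`\ No newline at end of file`), which this edit could have fixed at no cost.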