diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 06bca5aa6..970508902 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2.3.3
+current_version = 2.3.4
 commit = True
 tag = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(-(?P<release>.*)-(?P<build>\d+))?
diff --git a/README.md b/README.md
index 748d44af9..af40ae346 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 <p align="center">
   Incident Response Investigation System
   <br>
-  <i>Current Version v2.3.3</i>
+  <i>Current Version v2.3.4</i>
   <br>
   <a href="https://v200.beta.dfir-iris.org">Online Demonstration</a>
 </p>
@@ -52,7 +52,7 @@ git clone https://github.com/dfir-iris/iris-web.git
 cd iris-web
 
 # Checkout to the last tagged version 
-git checkout v2.3.3
+git checkout v2.3.4
 
 # Copy the environment file 
 cp .env.model .env
diff --git a/docker-compose.yml b/docker-compose.yml
index 4d569c6f2..5b1aee24b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,7 +27,7 @@ services:
     build:
       context: docker/db
     container_name: iriswebapp_db
-    image: iriswebapp_db:v2.3.3
+    image: iriswebapp_db:v2.3.4
     restart: always
     # Used for debugging purposes, should be deleted for production
     ports:
@@ -47,7 +47,7 @@ services:
     build:
       context: .
       dockerfile: docker/webApp/Dockerfile
-    image: iriswebapp_app:v2.3.3
+    image: iriswebapp_app:v2.3.4
     container_name: iriswebapp_app
     command: ['nohup', './iris-entrypoint.sh', 'iriswebapp']
     volumes:
@@ -85,7 +85,7 @@ services:
     build:
       context: .
       dockerfile: docker/webApp/Dockerfile
-    image: iriswebapp_app:v2.3.3
+    image: iriswebapp_app:v2.3.4
     container_name: iriswebapp_worker
     command: ['./wait-for-iriswebapp.sh', 'app:8000', './iris-entrypoint.sh', 'iris-worker']
     volumes:
@@ -121,7 +121,7 @@ services:
       args:
         NGINX_CONF_GID: 1234
         NGINX_CONF_FILE: nginx.conf
-    image: iriswebapp_nginx:v2.3.3
+    image: iriswebapp_nginx:v2.3.4
     container_name: iriswebapp_nginx
     environment:
       - IRIS_UPSTREAM_SERVER
diff --git a/source/app/alembic/versions/d207b4d13385_add_severity_to_cases.py b/source/app/alembic/versions/d207b4d13385_add_severity_to_cases.py
new file mode 100644
index 000000000..ac899b7ee
--- /dev/null
+++ b/source/app/alembic/versions/d207b4d13385_add_severity_to_cases.py
@@ -0,0 +1,51 @@
+"""Add severity to cases
+
+Revision ID: d207b4d13385
+Revises: d6c49c5435c2
+Create Date: 2023-11-28 11:50:08.136090
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+from app.alembic.alembic_utils import _table_has_column
+
+# revision identifiers, used by Alembic.
+revision = 'd207b4d13385'
+down_revision = 'd6c49c5435c2'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    if not _table_has_column('cases', 'severity_id'):
+        op.add_column(
+            'cases',
+            sa.Column('severity_id', sa.Integer, sa.ForeignKey('severities.severity_id'), nullable=True)
+        )
+
+        op.create_foreign_key(
+            None, 'cases', 'severities', ['severity_id'], ['severity_id']
+        )
+
+    conn = op.get_bind()
+    # Create the new severity if it doesn't exist already - we check first
+    res = conn.execute(
+        "SELECT severity_id FROM severities WHERE severity_name = 'Medium'"
+    ).fetchone()
+
+    if res is None:
+        conn.execute(
+            "INSERT INTO severities (severity_name, severity_description) VALUES ('Medium', 'Medium')"
+        )
+
+    # Update the severity of all cases to the default severity
+    conn.execute(
+        "UPDATE cases SET severity_id = (SELECT severity_id FROM severities WHERE severity_name = 'Medium')"
+    )
+
+    pass
+
+
+def downgrade():
+    pass
diff --git a/source/app/alembic/versions/d6c49c5435c2_add_evidence_type_to_evidences.py b/source/app/alembic/versions/d6c49c5435c2_add_evidence_type_to_evidences.py
new file mode 100644
index 000000000..9a396fb4f
--- /dev/null
+++ b/source/app/alembic/versions/d6c49c5435c2_add_evidence_type_to_evidences.py
@@ -0,0 +1,68 @@
+"""Add evidence type to evidences
+
+Revision ID: d6c49c5435c2
+Revises: 3a4d4f15bd69
+Create Date: 2023-11-06 15:29:14.435562
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+from app.alembic.alembic_utils import _table_has_column
+
+# revision identifiers, used by Alembic.
+revision = 'd6c49c5435c2'
+down_revision = '3a4d4f15bd69'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    if not _table_has_column('case_received_file', 'type_id'):
+
+        op.add_column(
+            'case_received_file',
+            sa.Column('type_id', sa.Integer, sa.ForeignKey('evidence_type.id'), nullable=True)
+        )
+
+        op.create_foreign_key(
+            None, 'case_received_file', 'evidence_type', ['type_id'], ['id']
+        )
+
+    if not _table_has_column('case_received_file', 'acquisition_date'):
+
+        op.add_column(
+            'case_received_file',
+            sa.Column('acquisition_date', sa.DateTime, nullable=True),
+
+        )
+
+    if not _table_has_column('case_received_file', 'start_date'):
+
+        op.add_column(
+            'case_received_file',
+            sa.Column('start_date', sa.DateTime, nullable=True),
+
+        )
+
+    if not _table_has_column('case_received_file', 'end_date'):
+
+        op.add_column(
+            'case_received_file',
+            sa.Column('end_date', sa.DateTime, nullable=True),
+
+        )
+
+    if not _table_has_column('case_received_file', 'chain_of_custody'):
+
+        op.add_column(
+            'case_received_file',
+            sa.Column('chain_of_custody', sa.JSON, nullable=True),
+
+        )
+
+    pass
+
+
+def downgrade():
+    pass
diff --git a/source/app/blueprints/alerts/templates/alerts.html b/source/app/blueprints/alerts/templates/alerts.html
index d5e18f99e..a5d03519f 100644
--- a/source/app/blueprints/alerts/templates/alerts.html
+++ b/source/app/blueprints/alerts/templates/alerts.html
@@ -57,6 +57,7 @@
                                     <a class="dropdown-item" href="#" onclick="changeStatusBatchAlerts('Merged');">Merged</a>
                                 </div>
                             </div>
+                            <button type="button" class="btn btn-alert-danger btn-sm ml-2" onclick="closeBatchAlerts();">Close with note</button>
                             <button type="button" class="btn btn-alert-danger btn-sm ml-2" onclick="deleteBatchAlerts();"><i class="fa fa-trash mr-2"></i>Delete</button>
                         </div>
                         <button class="btn btn-sm mr-2" id="select-deselect-all" style="display:none;">Select all</button>
@@ -260,7 +261,10 @@ <h5 class="modal-title" id="closeAlertModalLabel"></h5>
                   <input type="radio" name="resolutionStatus" value="true_positive_with_impact" class="selectgroup-input">
                   <span class="selectgroup-button">True positive with impact</span>
                 </label>
-
+                <label class="selectgroup-item">
+                  <input type="radio" name="resolutionStatus" value="unknown" class="selectgroup-input">
+                  <span class="selectgroup-button">Unknown</span>
+                </label>
               </div>
           </div>
           <div class="form-group">
diff --git a/source/app/blueprints/case/case_rfiles_routes.py b/source/app/blueprints/case/case_rfiles_routes.py
index c8d5e25d1..29ccec136 100644
--- a/source/app/blueprints/case/case_rfiles_routes.py
+++ b/source/app/blueprints/case/case_rfiles_routes.py
@@ -81,7 +81,7 @@ def case_list_rfiles(caseid):
     crf = get_rfiles(caseid)
 
     ret = {
-        "evidences": [row._asdict() for row in crf],
+        "evidences": CaseEvidenceSchema().dump(crf, many=True),
         "state": get_evidences_state(caseid=caseid)
     }
 
@@ -111,8 +111,8 @@ def case_add_rfile(caseid):
         evidence = evidence_schema.load(request_data)
 
         crf = add_rfile(evidence=evidence,
-                          user_id=current_user.id,
-                          caseid=caseid
+                        user_id=current_user.id,
+                        caseid=caseid
                          )
 
         crf = call_modules_hook('on_postload_evidence_create', data=crf, caseid=caseid)
diff --git a/source/app/blueprints/case/case_routes.py b/source/app/blueprints/case/case_routes.py
index 1e79a46bc..63fe4c38c 100644
--- a/source/app/blueprints/case/case_routes.py
+++ b/source/app/blueprints/case/case_routes.py
@@ -67,7 +67,7 @@
 from app.models import UserActivity
 from app.models.authorization import CaseAccessLevel
 from app.models.authorization import User
-from app.schema.marshables import TaskLogSchema, CaseSchema
+from app.schema.marshables import TaskLogSchema, CaseSchema, CaseDetailsSchema
 from app.util import ac_api_case_requires, add_obj_history_entry
 from app.util import ac_case_requires
 from app.util import ac_socket_requires
@@ -245,6 +245,13 @@ def export_case(caseid):
     return response_success('', data=export_case_json(caseid))
 
 
+@case_blueprint.route("/case/meta", methods=['GET'])
+@ac_api_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
+def meta_case(caseid):
+    case_details = get_case(caseid)
+    return response_success('', data= CaseDetailsSchema().dump(case_details))
+
+
 @case_blueprint.route('/case/tasklog/add', methods=['POST'])
 @ac_api_case_requires(CaseAccessLevel.full_access)
 def case_add_tasklog(caseid):
diff --git a/source/app/blueprints/case/templates/case.html b/source/app/blueprints/case/templates/case.html
index ee8fe5239..68e4f06a3 100644
--- a/source/app/blueprints/case/templates/case.html
+++ b/source/app/blueprints/case/templates/case.html
@@ -23,47 +23,53 @@
                     <div class="d-flex align-items-left align-items-md-center flex-column flex-md-row mt--3">
                         <div class="col">
                             <div class="row">
-                                <h2 class="text-white pb-2 fw-bold case-name"> <i class="icon-big flaticon-network mr-2"></i> {{ case.name|unquote }}
-                                </h2>
+                                <div class="col">
+                                    <h2 class="text-white pb-2 fw-bold case-name"> {{ case.name|unquote }}
+                                    </h2>
+                                </div>
                             </div>
-                            <h5 class="text-white op-7 mb-1"><b>Open on</b> {{ case.open_date }} by {{ case.user.name }}</h5>
-                            <h5 class="text-white op-7 mb-3"><b>Owned by</b> {{ case.owner.name }}</h5>
-                            {% if case.close_date %}
-                            <h5 class="text-warning  mb-1">Closed on {{ case.close_date }}</h5>
-                            {% endif %}
-
-                        </div>
-                        <div class="col mt-4">
-                            <div class="row">
-                                 <span title="Case outcome" class="float-right btn btn-rounded badge-pill hidden-caret ml-auto btn-xs mr-2 mb-2 {% if case.status_id == 1%}badge-success{% elif case.status_id == 2 %}badge-danger{% else %}btn-light{% endif %}"
-                                    onclick="case_detail('{{ case.case_id }}', true);"
-                                 ><i class="fa-solid fa-group-arrows-rotate mr-2"></i>{{ case.status_name }}</span>
+                             <div class="row">
+                                <div class="col">
+                                <h5 class="text-white op-7 mb-1"><b>Open on</b> {{ case.open_date }} by {{ case.user.name }}</h5>
+                                <h5 class="text-white op-7 mb-3"><b>Owned by</b> {{ case.owner.name }}</h5>
+                                {% if case.close_date %}
+                                <h5 class="text-warning  mb-1">Closed on {{ case.close_date }}</h5>
+                                {% endif %}
                             </div>
-                            <div class="row">
-                                  <div class="ml-auto">
-                                    <div class="row">
-                                        <h5 class="text-white op-7 mb-2 float-right mr-4"><b>Customer</b> : {{ case.client.name }}</h5>
+                                <div class="col mt-auto">
+                                <div class="row">
+                                    {% if case.severity %}<span onclick="case_detail('{{ case.case_id }}', true);" class="btn btn-rounded badge-pill hidden-caret btn-sm ml-2 mb-2 ml-auto {% if case.severity.severity_id > 4 %} badge-danger {% elif case.severity.severity_id == 4 %} bg-warning-gradient text-dark {% else %} btn-light {% endif %} ml-2" title="Case severity"><i class="fa-solid fa-bolt mr-1"></i> {{ case.severity.severity_name }}</span>{% endif %}
+                                     <span title="Case outcome" class="float-right btn btn-rounded badge-pill hidden-caret btn-sm ml-2 mb-2 {% if case.status_id == 1%}badge-success{% elif case.status_id == 2 %}badge-danger{% else %}btn-light{% endif %}"
+                                        onclick="case_detail('{{ case.case_id }}', true);"
+                                     ><i class="fa-solid fa-group-arrows-rotate mr-2"></i>{{ case.status_name }}</span>
+                                </div>
+                                <div class="row">
+                                      <div class="ml-auto">
+                                        <div class="row">
+                                            <h5 class="text-white op-7 mb-2 float-right mr-4"><b>Customer</b> : {{ case.client.name }}</h5>
+                                        </div>
+                                          <div class="row">
+                                            {% if case.soc_id %} <h5 class="text-white op-7 mb-2 mr-4"><b>SOC ID :</b> {{ case.soc_id }}</h5> {% endif %}
+                                          </div>
                                     </div>
-                                      <div class="row">
-                                        {% if case.soc_id %} <h5 class="text-white op-7 mb-2 mr-4"><b>SOC ID :</b> {{ case.soc_id }}</h5> {% endif %}
-                                      </div>
                                 </div>
                             </div>
+                             </div>
                         </div>
                     </div>
                     <div class="row mt-2 mb--2">
 
                         <div class="ml-2 col">
                             <div class="row ml-1">
-                                {% if case.state %}<h5 title="Case state" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light"><i class="fa-solid fa-business-time  mr-1"></i> {{ case.state.state_name }}</span></h5>{% endif %}
+                                {% if case.state %}<h5 title="Case state" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light" title="Case state"><i class="fa-solid fa-business-time  mr-1"></i> {{ case.state.state_name }}</span></h5>{% endif %}
                                 {% if case.classification %}<h5 title="Classification" onclick="case_detail('{{ case.case_id }}', true);" style="cursor:pointer;"><span class="btn-rounded badge-pill hidden-caret btn-sm btn-light ml-2"><i class="fa-solid fa-shield-virus mr-1"></i>{{ case.classification.name_expanded }}</span></h5>{% endif %}
-                                {% if case.alerts| length > 0 %}<h5 title="Alerts"><a class="btn-rounded badge-pill hidden-caret btn-sm btn-dark ml-2 badge-warning" href="/alerts?cid={{ case.case_id }}&sort=desc&case_id={{ case.case_id }}" target="_blank" rel="noopener"><i class="fa-solid fa-bell mr-1"></i> {{ case.alerts| length }} related alerts</a></h5>{% endif %}
+                                {% if case.alerts| length > 0 %}<h5 title="Alerts"><a class="btn-rounded badge-pill hidden-caret btn-sm btn-dark ml-2 bg-warning-gradient text-dark" href="/alerts?cid={{ case.case_id }}&sort=desc&case_id={{ case.case_id }}" target="_blank" rel="noopener"><i class="fa-solid fa-bell mr-1"></i> {{ case.alerts| length }} related alerts</a></h5>{% endif %}
                                 {% if case.review_status.status_name == "Reviewed" %}
                                 <h5 title="Reviewed"> <a class="text-white btn-rounded badge-pill hidden-caret btn-sm ml-2 badge-success"><i class="fa-regular fa-circle-check mr-2"></i>Case reviewed by {% if case.reviewer.id == current_user.id %} you {% else %} {{ case.reviewer.name }} {% endif %}</a></h5>
                                 {% endif %}
                             </div>
                         </div>
-                        <div class="col mr-2">
+                        <div class="col mr-1">
                             {% if case.case_tags %}
                             {% for tag in case.case_tags %}
                             <span class="badge badge-pill badge-light ml-1 pull-right"><i class="fa fa-tag mr-1"></i> {{ tag }}</span>
diff --git a/source/app/blueprints/case/templates/case_assets.html b/source/app/blueprints/case/templates/case_assets.html
index da89d142f..64a2cf434 100644
--- a/source/app/blueprints/case/templates/case_assets.html
+++ b/source/app/blueprints/case/templates/case_assets.html
@@ -11,7 +11,7 @@
     <div class="content">
         {% if current_user.is_authenticated %}
         {{ form.hidden_tag() }}
-        <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
+        <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
                 <div class="container-fluid">
                     <div class="collapse" id="search-nav">
                         <div id="tables_button"></div>
diff --git a/source/app/blueprints/case/templates/case_graph_timeline.html b/source/app/blueprints/case/templates/case_graph_timeline.html
index 5bb0cf16b..60e4aba7b 100644
--- a/source/app/blueprints/case/templates/case_graph_timeline.html
+++ b/source/app/blueprints/case/templates/case_graph_timeline.html
@@ -67,7 +67,6 @@
 {% block javascripts %}
 
 <script src="/static/assets/js/core/moments.min.js"></script>
-<script src="/static/assets/js/core/bootstrap-datetimepicker.min.js"></script>
 
 <script src="/static/assets/js/plugin/tagsinput/suggesttag.js"></script>
 <script src="/static/assets/js/plugin/select/select2.js"></script>
diff --git a/source/app/blueprints/case/templates/case_ioc.html b/source/app/blueprints/case/templates/case_ioc.html
index fc455fb7f..9a5b0a8b9 100644
--- a/source/app/blueprints/case/templates/case_ioc.html
+++ b/source/app/blueprints/case/templates/case_ioc.html
@@ -16,7 +16,7 @@
 
         {% if current_user.is_authenticated %}
         {{ form.hidden_tag() }}
-         <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
+         <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
                 <div class="container-fluid">
                     <div class="collapse" id="search-nav">
                         <div id="tables_button"></div>
diff --git a/source/app/blueprints/case/templates/case_notes.html b/source/app/blueprints/case/templates/case_notes.html
index 146b5a78e..0ee50ece2 100644
--- a/source/app/blueprints/case/templates/case_notes.html
+++ b/source/app/blueprints/case/templates/case_notes.html
@@ -12,7 +12,7 @@
 
         {% if current_user.is_authenticated %}
         {{ form.hidden_tag() }}
-            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
+            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
                 <div class="container-fluid">
                      <div class="collapse search-flex" id="search-nav">
                          <ul class="list-group list-group-bordered hidden-caret" id="notes_search_list"></ul>
diff --git a/source/app/blueprints/case/templates/case_rfile.html b/source/app/blueprints/case/templates/case_rfile.html
index 8612e3dd1..1f2e2ccb4 100644
--- a/source/app/blueprints/case/templates/case_rfile.html
+++ b/source/app/blueprints/case/templates/case_rfile.html
@@ -13,7 +13,7 @@
 
         {% if current_user.is_authenticated %}
         {{ form.hidden_tag() }}
-            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
+            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
                 <div class="container-fluid">
                     <div class="collapse" id="search-nav">
                         <div id="tables_button"></div>
@@ -53,7 +53,7 @@
                                     <thead>
                                         <tr>
                                             <th>Name</th>
-                                            <th>Date</th>
+                                            <th>Type</th>
                                             <th>Hash</th>
                                             <th>Size (bytes)</th>
                                             <th>Description</th>
@@ -63,7 +63,7 @@
                                     <tfoot>
                                         <tr>
                                             <th>Name</th>
-                                            <th>Date</th>
+                                            <th>Type</th>
                                             <th>Hash</th>
                                             <th>Size(bytes)</th>
                                             <th>Description</th>
@@ -97,7 +97,8 @@
 {% endblock content %}
 {% block javascripts %}
 {% include 'includes/footer_case.html' %}
-
+<script src="/static/assets/js/core/moments.min.js"></script>
+<script src="/static/assets/js/core/bootstrap-datetimepicker.min.js"></script>
 <script src="/static/assets/js/iris/case.rfiles.js"></script>
 <script>
 </script>
diff --git a/source/app/blueprints/case/templates/case_tasks.html b/source/app/blueprints/case/templates/case_tasks.html
index 086d12a88..141c09ef9 100644
--- a/source/app/blueprints/case/templates/case_tasks.html
+++ b/source/app/blueprints/case/templates/case_tasks.html
@@ -20,7 +20,7 @@
 
         {% if current_user.is_authenticated %}
         {{ form.hidden_tag() }}
-            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-primary-gradient">
+            <nav class="navbar navbar-header navbar-expand-lg pt-2 pb-2 bg-case-gradient">
                 <div class="container-fluid">
                     <div class="collapse" id="search-nav">
                         <div id="tables_button"></div>
diff --git a/source/app/blueprints/case/templates/modal_add_case_ioc.html b/source/app/blueprints/case/templates/modal_add_case_ioc.html
index b568b0c55..b5619c63c 100644
--- a/source/app/blueprints/case/templates/modal_add_case_ioc.html
+++ b/source/app/blueprints/case/templates/modal_add_case_ioc.html
@@ -49,7 +49,7 @@ <h4 class="modal-title mr-4">{% if ioc.ioc_id %}Edit IOC #{{ ioc.ioc_id }}{% els
                                     {{ form.ioc_type_id(class="selectpicker pl--6 col-10") }}
                                 </div>
                                 <div class="col-6">
-                                    <label for="ioc_type" class="mr-4">TLP *
+                                    <label for="ioc_tlp" class="mr-4">TLP *
                                     </label>
                                     {{ form.ioc_tlp_id(class="selectpicker pl--6 col-10") }}
                                 </div>
diff --git a/source/app/blueprints/case/templates/modal_add_case_rfile.html b/source/app/blueprints/case/templates/modal_add_case_rfile.html
index 159b0bfad..75fce86aa 100644
--- a/source/app/blueprints/case/templates/modal_add_case_rfile.html
+++ b/source/app/blueprints/case/templates/modal_add_case_rfile.html
@@ -40,19 +40,66 @@ <h4 class="modal-title mr-4">{% if rfile.id %}Edit evidence #{{rfile.id}}{% else
                         <form method="post" action="" id="form_edit_rfile">
                             <div class="col-md-12 col-lg-12 col-sm-12">
                                 <div class="form-group">
-                                    <label for="rfile_filename" class="placeholder">Filename *</label>
-                                    <input class="form-control" placeholder="Filename" id="filename" required name="filename" value="{{ rfile.filename }}"/>
+                                    <label for="rfile_filename" class="placeholder">Name *</label>
+                                    <input class="form-control" placeholder="Name" id="filename" required name="filename" value="{{rfile.filename }}"/>
                                 </div>
                                 <div class="form-group">
-                                    <label for="rfile_size" class="placeholder">File size (bytes) *</label>
+                                    <label for="rfile_type" class="placeholder">Type </label>
+                                    <span style="display: none" data-file-type-id="{{rfile.type_id}}" id=store_type_id></span>
+                                    <select class="selectpicker form-control" id="file_type_id"></select>
+                                </div>
+                                <div class="form-group">
+                                    <label for="rfile_size" class="placeholder">Size (bytes)</label>
                                     <input class="form-control" placeholder="Size in bytes" id="file_size" name="file_size" value="{{ rfile.file_size }}"/>
                                 </div>
                                 <div class="form-group">
-                                    <label for="rfile_hash" class="placeholder">File Hash</label>
+                                    <label for="rfile_hash" class="placeholder">Hash</label>
                                     <input class="form-control" placeholder="Hash" id="file_hash" name="file_hash" value="{{ rfile.file_hash }}"/>
                                 </div>
+                                <div class="form-group" id="dates_details">
+                                    <a class="btn btn-light btn-sm" data-toggle="collapse" href="#collapseAddDates" role="button" aria-expanded="false" aria-controls="collapseAddInfo">> Date time information</a>
+                                    <div class="collapse {% if (rfile.start_date or rfile.end_date) %}show{% endif %}" id="collapseAddDates">
+                                        <label for="start_date" class="placeholder mt-2">Evidence start date time (UTC)</label>
+                                        <div class="row ml-1" id="start_date_inputs">
+                                                <input class="form-control col-6 mr-2" type="date" id="start_date" {% if rfile.start_date %}value="{{ rfile.start_date.strftime('%Y-%m-%d') }}" {% endif %}>
+                                                <span></span>
+                                                <input class="form-control col-5 mr-2" type="time" step="0.001" id="start_time" {% if rfile.start_date %}value="{{ rfile.start_date.strftime('%H:%M:%S.%f')[:-3] }}" {% else %} value="00:00:00.000" {% endif %}>
+                                                <span></span>
+                                                <button class="btn btn-sm btn-outline-white" type="button" onclick="show_x_time_converter('start');return false;"><i class="fas fa-magic"></i></button>
+                                        </div>
+                                        <div class="row ml-1" id="start_date_convert" style="display:none;">
+                                            <div class="input-group ">
+                                                <input class="form-control col-11" type="text" id="start_date_convert_input" placeholder="Enter date in any format and submit to try auto-parsing">
+                                                <div class="input-group-append">
+                                                    <button class="btn btn-sm btn-outline-secondary mr-2" type="button" onclick="time_converter('start');return false;">Submit</button>
+                                                    <button class="btn btn-sm btn-outline" type="button" onclick="hide_x_time_converter('start');return false;"><i class="fas fa-magic"></i></button>
+                                                </div>
+                                            </div>
+                                            <span id="convert_bad_feedback_start" class="text-danger"></span>
+                                        </div>
+                                        <label for="end_date" class="placeholder mt-2">Evidence end date time (UTC)</label>
+                                        <div class="row ml-1" id="end_date_inputs">
+                                                <input class="form-control col-6 mr-2" type="date" id="end_date" {% if rfile.end_date %}value="{{ rfile.end_date.strftime('%Y-%m-%d') }}" {% endif %}>
+                                                <span></span>
+                                                <input class="form-control col-5 mr-2" type="time" step="0.001" id="end_time" {% if rfile.end_date %}value="{{ rfile.end_date.strftime('%H:%M:%S.%f')[:-3] }}" {% else %} value="00:00:00.000" {% endif %}>
+                                                <span></span>
+                                                <button class="btn btn-sm btn-outline-white" type="button" onclick="show_x_time_converter('end');return false;"><i class="fas fa-magic"></i></button>
+                                        </div>
+                                        <div class="row ml-1" id="end_date_convert" style="display:none;">
+                                            <div class="input-group ">
+                                                <input class="form-control col-11" type="text" id="end_date_convert_input" placeholder="Enter date in any format and submit to try auto-parsing">
+                                                <div class="input-group-append">
+                                                    <button class="btn btn-sm btn-outline-secondary mr-2" type="button" onclick="time_converter('end');return false;">Submit</button>
+                                                    <button class="btn btn-sm btn-outline" type="button" onclick="hide_x_time_converter('end');return false;"><i class="fas fa-magic"></i></button>
+                                                </div>
+                                            </div>
+                                            <span id="convert_bad_feedback_end" class="text-danger"></span>
+                                        </div>
+                                    </div>
+                                </div>
+
                                 <div class="form-group">
-                                    <label for="rfile_desc" class="placeholder">File description</label>
+                                    <label for="rfile_desc" class="placeholder">Description</label>
                                      <div class="md_description_field">
                                         <div class="form-group mt--2">
                                             <button type="button" class="float-right icon-note btn btn-circle btn-sm mt-2" onclick="edit_in_evidence_desc();" >
@@ -76,7 +123,7 @@ <h4 class="modal-title mr-4">{% if rfile.id %}Edit evidence #{{rfile.id}}{% else
                                     </div>
                                 </div>
                                 <div class="form-group">
-                                    <p>Automatically compute file information by selecting it below. The file will not be uploaded nor saved.</p>
+                                    <p>Locally compute file information by selecting it below. <span class="text-danger">The file is not be uploaded on the server nor saved.</span></p>
                                     <input id="input_autofill" type="file">
                                     <button class="btn btn-sm" type="button" onclick="get_hash()" id="btn_rfile_proc">Process</button>
                                 </div>
diff --git a/source/app/blueprints/context/context.py b/source/app/blueprints/context/context.py
index ddcfbd88d..1845f40e8 100644
--- a/source/app/blueprints/context/context.py
+++ b/source/app/blueprints/context/context.py
@@ -81,21 +81,10 @@ def has_updates():
     return dict(has_updates=False)
 
 
-@ctx_blueprint.route('/context/get-cases/<int:max_results>', methods=['GET'])
-@ac_api_requires(no_cid_required=True)
-def cases_context(max_results,  caseid):
-    # Get all investigations not closed
-    datao = ctx_get_user_cases(current_user.id, max_results=max_results)
-
-    return response_success(data=datao)
-
-
 @ctx_blueprint.route('/context/search-cases', methods=['GET'])
 @ac_api_requires(no_cid_required=True)
 def cases_context_search(caseid):
     search = request.args.get('q')
-    if not search:
-        return response_success(data=[])
 
     # Get all investigations not closed
     datao = ctx_search_user_cases(search, current_user.id, max_results=100)
diff --git a/source/app/blueprints/manage/manage_cases_routes.py b/source/app/blueprints/manage/manage_cases_routes.py
index dbbe53ef5..ba1f73325 100644
--- a/source/app/blueprints/manage/manage_cases_routes.py
+++ b/source/app/blueprints/manage/manage_cases_routes.py
@@ -48,12 +48,13 @@
 from app.datamgmt.manage.manage_case_state_db import get_case_states_list, get_case_state_by_name
 from app.datamgmt.manage.manage_case_templates_db import get_case_templates_list, case_template_pre_modifier, \
     case_template_post_modifier
-from app.datamgmt.manage.manage_cases_db import close_case, map_alert_resolution_to_case_status
+from app.datamgmt.manage.manage_cases_db import close_case, map_alert_resolution_to_case_status, get_filtered_cases
 from app.datamgmt.manage.manage_cases_db import delete_case
 from app.datamgmt.manage.manage_cases_db import get_case_details_rt
 from app.datamgmt.manage.manage_cases_db import get_case_protagonists
 from app.datamgmt.manage.manage_cases_db import list_cases_dict
 from app.datamgmt.manage.manage_cases_db import reopen_case
+from app.datamgmt.manage.manage_common import get_severities_list
 from app.datamgmt.manage.manage_users_db import get_user_organisations
 from app.forms import AddCaseForm
 from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
@@ -69,7 +70,7 @@
 from app.models.authorization import CaseAccessLevel
 from app.models.authorization import Permissions
 from app.models.models import Client, ReviewStatusList
-from app.schema.marshables import CaseSchema
+from app.schema.marshables import CaseSchema, CaseDetailsSchema
 from app.util import ac_api_case_requires, add_obj_history_entry
 from app.util import ac_api_requires
 from app.util import ac_api_return_access_denied
@@ -160,17 +161,20 @@ def details_case_from_case_modal(cur_id: int, caseid: int, url_redir: bool) -> U
     if not ac_fast_check_current_user_has_case_access(cur_id, [CaseAccessLevel.read_only, CaseAccessLevel.full_access]):
         return ac_api_return_access_denied(caseid=cur_id)
 
-    res = get_case_details_rt(cur_id)
+    res = get_case(cur_id)
+    res = CaseDetailsSchema().dump(res)
     case_classifications = get_case_classifications_list()
     case_states = get_case_states_list()
     customers = get_client_list()
+    severities = get_severities_list()
     protagonists = get_case_protagonists(cur_id)
 
     form = FlaskForm()
 
     if res:
         return render_template("modal_case_info_from_case.html", data=res, form=form, protagonists=protagonists,
-                               case_classifications=case_classifications, case_states=case_states, customers=customers)
+                               case_classifications=case_classifications, case_states=case_states, customers=customers,
+                               severities=severities)
 
     else:
         return response_error("Unknown case")
@@ -189,6 +193,70 @@ def get_case_api(cur_id, caseid):
     return response_error(f'Case ID {cur_id} not found')
 
 
+@manage_cases_blueprint.route('/manage/cases/filter', methods=['GET'])
+@ac_api_requires(no_cid_required=True)
+def manage_case_filter(caseid) -> Response:
+
+    page = request.args.get('page', 1, type=int)
+    per_page = request.args.get('per_page', 10, type=int)
+    case_ids_str = request.args.get('case_ids', None, type=str)
+    if case_ids_str:
+        try:
+
+            if ',' in case_ids_str:
+                case_ids_str = [int(alert_id) for alert_id in case_ids_str.split(',')]
+
+            else:
+                case_ids_str = [int(case_ids_str)]
+
+        except ValueError:
+            return response_error('Invalid case id')
+
+    case_customer_id = request.args.get('case_customer_id', None, type=str)
+    case_name = request.args.get('case_name', None, type=str)
+    case_description = request.args.get('case_description', None, type=str)
+    case_classification_id = request.args.get('case_classification_id', None, type=int)
+    case_owner_id = request.args.get('case_owner_id', None, type=int)
+    case_opening_user_id = request.args.get('case_opening_user_id', None, type=int)
+    case_severity_id = request.args.get('case_severity_id', None, type=int)
+    case_state_id = request.args.get('case_state_id', None, type=int)
+    case_soc_id = request.args.get('case_soc_id', None, type=str)
+    sort = request.args.get('sort')
+    start_open_date = request.args.get('start_open_date', None, type=str)
+    end_open_date = request.args.get('end_open_date', None, type=str)
+
+    filtered_cases = get_filtered_cases(
+        case_ids=case_ids_str,
+        case_customer_id=case_customer_id,
+        case_name=case_name,
+        case_description=case_description,
+        case_classification_id=case_classification_id,
+        case_owner_id=case_owner_id,
+        case_opening_user_id=case_opening_user_id,
+        case_severity_id=case_severity_id,
+        case_state_id=case_state_id,
+        case_soc_id=case_soc_id,
+        sort=sort,
+        start_open_date=start_open_date,
+        end_open_date=end_open_date,
+        page=page,
+        per_page=per_page,
+        current_user_id=current_user.id
+    )
+    if filtered_cases is None:
+        return response_error('Filtering error')
+
+    cases = {
+        'total': filtered_cases.total,
+        'cases': CaseDetailsSchema().dump(filtered_cases.items, many=True),
+        'last_page': filtered_cases.pages,
+        'current_page': filtered_cases.page,
+        'next_page': filtered_cases.next_num if filtered_cases.has_next else None,
+    }
+
+    return response_success(cases)
+
+
 @manage_cases_blueprint.route('/manage/cases/delete/<int:cur_id>', methods=['POST'])
 @ac_api_requires(Permissions.standard_user, no_cid_required=True)
 def api_delete_case(cur_id, caseid):
diff --git a/source/app/blueprints/manage/manage_evidence_types_route.py b/source/app/blueprints/manage/manage_evidence_types_route.py
new file mode 100644
index 000000000..526649705
--- /dev/null
+++ b/source/app/blueprints/manage/manage_evidence_types_route.py
@@ -0,0 +1,244 @@
+#!/usr/bin/env python3
+#
+#  IRIS Source Code
+#  contact@dfir-iris.org
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 3 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software Foundation,
+#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+import marshmallow
+from typing import Union
+
+from flask import Blueprint, Response, url_for, render_template, request
+from werkzeug.utils import redirect
+
+from app import db
+from app.datamgmt.manage.manage_evidence_types_db import get_evidence_types_list, \
+    get_evidence_type_by_id, \
+    get_evidence_type_by_name, verify_evidence_type_in_use
+from app.forms import CaseClassificationForm, EvidenceTypeForm
+from app.iris_engine.utils.tracker import track_activity
+from app.models.authorization import Permissions
+from app.schema.marshables import CaseClassificationSchema, EvidenceTypeSchema
+from app.util import ac_api_requires, response_error, ac_requires
+from app.util import response_success
+
+manage_evidence_types_blueprint = Blueprint('manage_evidence_types',
+                                            __name__,
+                                            template_folder='templates')
+
+
+# CONTENT ------------------------------------------------
+@manage_evidence_types_blueprint.route('/manage/evidence-types/list', methods=['GET'])
+@ac_api_requires(no_cid_required=True)
+def list_evidence_types(caseid: int) -> Response:
+    """Get the list of evidence types
+
+    Args:
+        caseid (int): case id
+
+    Returns:
+        Flask Response object
+
+    """
+    l_cl = get_evidence_types_list()
+
+    return response_success("", data=l_cl)
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/<int:evidence_type_id>', methods=['GET'])
+@ac_api_requires(no_cid_required=True)
+def get_evidence_type(evidence_type_id: int, caseid: int) -> Response:
+    """Get an evidence type
+
+    Args:
+        evidence_type (int): evidence type ID
+        caseid (int): case id
+
+    Returns:
+        Flask Response object
+    """
+
+    evidence_type_schema = EvidenceTypeSchema()
+    evidence_type = get_evidence_type_by_id(evidence_type_id)
+    if evidence_type is None:
+        return response_error(f"Invalid evidence type ID {evidence_type_id}")
+
+    return response_success("", data=evidence_type_schema.dump(evidence_type))
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/update/<int:evidence_type_id>/modal',
+                                       methods=['GET'])
+@ac_requires(Permissions.server_administrator, no_cid_required=True)
+def update_evidence_type_modal(evidence_type_id: int, caseid: int, url_redir: bool) -> Union[str, Response]:
+    """Update an evidence type
+
+    Args:
+        evidence_type_id (int): evidence type id
+        caseid (int): case id
+        url_redir (bool): redirect to url
+
+    Returns:
+        Flask Response object or str
+    """
+    if url_redir:
+        return redirect(url_for('manage_evidence_types_blueprint.update_evidence_type_modal',
+                                evidence_type_id=evidence_type_id, caseid=caseid))
+
+    evidence_type_form = EvidenceTypeForm()
+    evidence_type = get_evidence_type_by_id(evidence_type_id)
+    if not evidence_type:
+        return response_error(f"Invalid evidence type ID {evidence_type_id}")
+
+    evidence_type_form.name.render_kw = {'value': evidence_type.name}
+    evidence_type_form.description.render_kw = {'value': evidence_type.description}
+
+    return render_template("modal_evidence_types.html", form=evidence_type_form,
+                           evidence_type=evidence_type)
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/update/<int:evidence_type_id>',
+                                       methods=['POST'])
+@ac_api_requires(Permissions.server_administrator, no_cid_required=True)
+def update_case_classification(evidence_type_id: int, caseid: int) -> Response:
+    """Update an evidence type
+
+    Args:
+        evidence_type_id (int): evidence type id
+        caseid (int): case id
+
+    Returns:
+        Flask Response object
+    """
+    if not request.is_json:
+        return response_error("Invalid request")
+
+    evidence_type = get_evidence_type_by_id(evidence_type_id)
+    if not evidence_type:
+        return response_error(f"Invalid evidence type ID {evidence_type_id}")
+
+    ccl = EvidenceTypeSchema()
+
+    try:
+
+        ccls = ccl.load(request.get_json(), instance=evidence_type)
+
+        if ccls:
+            track_activity(f"updated evidence type {ccls.id}", caseid=caseid)
+            return response_success("Evidence type updated", ccl.dump(ccls))
+
+    except marshmallow.exceptions.ValidationError as e:
+        return response_error(msg="Data error", data=e.messages, status=400)
+
+    return response_error("Unexpected error server-side. Nothing updated", data=evidence_type)
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/add/modal', methods=['GET'])
+@ac_requires(Permissions.server_administrator, no_cid_required=True)
+def add_evidence_type_modal(caseid: int, url_redir: bool) -> Union[str, Response]:
+    """Add an evidence type
+
+    Args:
+        caseid (int): case id
+        url_redir (bool): redirect to url
+
+    Returns:
+        Flask Response object or str
+    """
+    if url_redir:
+        return redirect(url_for('manage_evidence_types_blueprint.add_evidence_type_modal',
+                                caseid=caseid))
+
+    evidence_form = EvidenceTypeForm()
+
+    return render_template("modal_evidence_types.html", form=evidence_form, evidence_type=None)
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/add', methods=['POST'])
+@ac_api_requires(Permissions.server_administrator, no_cid_required=True)
+def add_evidence_type(caseid: int) -> Response:
+    """Add an evidence type
+
+    Args:
+        caseid (int): case id
+
+    Returns:
+        Flask Response object
+    """
+    if not request.is_json:
+        return response_error("Invalid request")
+
+    ccl = EvidenceTypeSchema()
+
+    try:
+
+        ccls = ccl.load(request.get_json())
+
+        if ccls:
+            db.session.add(ccls)
+            db.session.commit()
+
+            track_activity(f"added evidence type {ccls.name}", caseid=caseid)
+            return response_success("Evidence type added", ccl.dump(ccls))
+
+    except marshmallow.exceptions.ValidationError as e:
+        return response_error(msg="Data error", data=e.messages, status=400)
+
+    return response_error("Unexpected error server-side. Nothing added", data=None)
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/delete/<int:evidence_type_id>',
+                                       methods=['POST'])
+@ac_api_requires(Permissions.server_administrator, no_cid_required=True)
+def delete_evidence_type(evidence_type_id: int, caseid: int) -> Response:
+    """Delete an evidence type
+
+    Args:
+        evidence_type_id (int): evidence type id
+        caseid (int): case id
+
+    Returns:
+        Flask Response object
+    """
+    if verify_evidence_type_in_use(evidence_type_id):
+        return response_error("Evidence type is in use. Please delete evidences using this type beforehand.")
+
+    evidence_type = get_evidence_type_by_id(evidence_type_id)
+    if not evidence_type:
+        return response_error(f"Invalid evidence type ID {evidence_type_id}")
+
+    db.session.delete(evidence_type)
+    db.session.commit()
+
+    track_activity(f"deleted evidence type {evidence_type.name}", caseid=caseid)
+    return response_success("Evidence type deleted")
+
+
+@manage_evidence_types_blueprint.route('/manage/evidence-types/search', methods=['POST'])
+@ac_api_requires(no_cid_required=True)
+def search_evidence_type(caseid):
+    if not request.is_json:
+        return response_error("Invalid request")
+
+    evidence_type_name = request.json.get('evidence_type_name')
+    if evidence_type_name is None:
+        return response_error("Invalid evidence type name. Got None")
+
+    exact_match = request.json.get('exact_match', False)
+
+    evidence_type = search_evidence_type(evidence_type_name, exact_match=exact_match)
+    if not evidence_type:
+        return response_error("No evidence type found")
+
+    schema = EvidenceTypeSchema(many=True)
+    return response_success("", data=schema.dump(evidence_type))
diff --git a/source/app/blueprints/manage/templates/manage_objects.html b/source/app/blueprints/manage/templates/manage_objects.html
index 523421454..1535d86da 100644
--- a/source/app/blueprints/manage/templates/manage_objects.html
+++ b/source/app/blueprints/manage/templates/manage_objects.html
@@ -191,6 +191,50 @@
             </div>
         </div>
     </div>
+    <div class="row">
+        <div class="col-md-12">
+            <div class="card">
+                <div class="card-header" >
+                    <div class="row">
+                        <div class="col col-heading collapsed" href="#collapse_evidence" title="Click to unfold"  data-toggle="collapse" role="button" aria-expanded="false" aria-controls="collapse_evidence">
+                            <span class="accicon float-left mr-3"><i class="fas fa-angle-right rotate-icon"></i></span>
+                            <div class="card-title">Evidence types</div>
+                        </div>
+                        <div class="col float-right">
+                            <button type="button" class="btn btn-sm btn-dark float-right ml-2" onclick="refresh_evidence_table();">
+                                Refresh
+                            </button>
+                            <button class="btn btn-sm btn-dark float-right ml-2" onclick="add_evidence_type();">Add new</button>
+                        </div>
+                    </div>
+                </div>
+                <div class="card-body collapse" id="collapse_evidence">
+                    <div class="table-responsive" id="evidence_table_wrapper">
+                        <div class="selectgroup">
+                            <span id="evidence_buttons"></span>
+                        </div>
+                        <table class="table display table table-striped table-hover" width="100%"
+                            cellspacing="0" id="evidence_table">
+                            <thead>
+                                <tr>
+
+                                    <th>Name</th>
+                                    <th>Description</th>
+                                </tr>
+                            </thead>
+                            <tfoot>
+                                <tr>
+                                    <th>Name</th>
+                                    <th>Description</th>
+                                </tr>
+                            </tfoot>
+                        </table>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
 </div>
     <div class="modal" tabindex="-1"  id="modal_add_type" data-backdrop="true">
         <div class="modal-lg modal-dialog" role="document">
diff --git a/source/app/blueprints/manage/templates/modal_case_info_from_case.html b/source/app/blueprints/manage/templates/modal_case_info_from_case.html
index f779a0470..b741f39c4 100644
--- a/source/app/blueprints/manage/templates/modal_case_info_from_case.html
+++ b/source/app/blueprints/manage/templates/modal_case_info_from_case.html
@@ -3,7 +3,7 @@
     <div class="col md-12">
         <div class="row">
             <div class="col align-self-center">
-                <h4 class="modal-title mr-4">{{ data.case_name|unquote }}
+                <h4 class="modal-title mr-4">{{ data.name|unquote }}
                     {% if data.modification_history %}
                         <i class="fa-solid fa-clock-rotate-left ml-3 mt-2" data-toggle="popover" data-html="true" id="pop_history" style="cursor: pointer;"
                                 title="Modifications history"
@@ -50,24 +50,24 @@ <h4>General info <button class="ml-2 btn btn-sm float-right" onclick="edit_case_
                         <div class="col-6 col-xs-12 col-md-6">
                             <div class="form-group">
                                 <label>Case name :</label>
-                                <span type="text" class="">{{ data.case_name|unquote }}</span>
+                                <span type="text" class="">{{ data.name|unquote }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Case description :</label>
-                                <span type="text" class="">{{ data.case_description[0:50] }}</span>
+                                <span type="text" class="">{{ data.description[0:50] }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Customer :</label>
-                                <span type="text" class="text-faded">{{ data.customer_name }}</span>
+                                <span type="text" class="text-faded">{{ data.client.customer_name }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Case tags :</label>
-                                <span type="text" class="text-faded">{% if data.case_tags %} {% for tag in data.case_tags.split(',') %}
+                                <span type="text" class="text-faded">{% if data.tags %} {% for tag in data.case_tags %}
                                     <span class="badge badge-pill badge-light ml-1"><i class="fa fa-tag mr-1"></i>{{ tag }}</span> {% endfor %}{% endif %}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>SOC ID :</label>
-                                <span type="text" class="text-faded">{{ data.case_soc_id }}</span>
+                                <span type="text" class="text-faded">{{ data.soc_id }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Case ID :</label>
@@ -82,14 +82,18 @@ <h4>General info <button class="ml-2 btn btn-sm float-right" onclick="edit_case_
                             <div class="form-group mt--3">
                                 <label>Classification :</label>
                                 {% if data.classification %}
-                                    <span type="text" class="text-faded">{{ data.classification }}</span>
+                                    <span type="text" class="text-faded">{{ data.classification.classification_name }}</span>
                                     {% else %}
                                     <span type="text" class="text-faded">Unknown</span>
                                 {% endif %}
                             </div>
                             <div class="form-group mt--3">
                                 <label>State :</label>
-                                <span type="text" class="text-faded">{{ data.state_name }}</span>
+                                <span type="text" class="text-faded">{{ data.state.state_name }}</span>
+                            </div>
+                            <div class="form-group mt--3">
+                                <label>Severity :</label>
+                                <span type="text" class="text-faded">{{ data.severity.severity_name }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Open date :</label>
@@ -97,16 +101,16 @@ <h4>General info <button class="ml-2 btn btn-sm float-right" onclick="edit_case_
                             </div>
                             <div class="form-group mt--3">
                                 <label>Opening user :</label>
-                                <span type="text" class="">{{ data.open_by_user }}</span>
+                                <span type="text" class="">{{ data.user.user_name }}</span>
                             </div>
                             <div class="form-group mt--3">
                                 <label>Owner :</label>
-                                <span type="text" class="">{{ data.owner }}</span>
+                                <span type="text" class="">{{ data.owner.user_name }}</span>
                             </div>
                             {% if data.reviewer %}
                                 <div class="form-group mt--3">
                                     <label>Reviewer :</label>
-                                    <span type="text" class="">{{ data.reviewer }}</span>
+                                    <span type="text" class="">{{ data.reviewer.user_name }}</span>
                                 </div>
                             {% endif %}
                             {% if data.review_status %}
@@ -144,7 +148,7 @@ <h4 class=" pb-3">Edit case information</h4>
                                             <div class="input-group-prepend">
                                                 <span class="input-group-text">Case name  <i class="ml-2">{{"#{} - ".format(data.case_id)}}</i></span>
                                             </div>
-                                             <input type="text" class="form-control" name="case_name" value="{{ data.case_name.replace('#{} - '.format(data.case_id), '')}}">
+                                             <input type="text" class="form-control" name="case_name" value="{{ data.name.replace('#{} - '.format(data.case_id), '')}}">
                                         </div>
                                     </div>
                                     <div class="col-xs-12 col-6">
@@ -152,7 +156,7 @@ <h4 class=" pb-3">Edit case information</h4>
                                             <div class="input-group-prepend">
                                                 <span class="input-group-text">SOC ticket ID</span>
                                             </div>
-                                            <input type="text" class="form-control" name="case_soc_id" value="{{ data.case_soc_id }}">
+                                            <input type="text" class="form-control" name="case_soc_id" value="{{ data.soc_id }}">
                                         </div>
                                     </div>
                                 </div>
@@ -220,7 +224,7 @@ <h4 class=" pb-3">Edit case information</h4>
                                             <select class="selectpicker form-control"
                                                   id="case_quick_customer" name="case_customer">
                                                 {% for cst in customers %}
-                                                    <option value="{{ cst.customer_id }}" {% if data.customer_id == cst.customer_id %}selected{% endif %} class="badge-text">{{ cst.customer_name }}</option>
+                                                    <option value="{{ cst.customer_id }}" {% if data.client_id == cst.customer_id %}selected{% endif %} class="badge-text">{{ cst.customer_name }}</option>
                                                 {% endfor %}
                                             </select>
                                         </div>
@@ -236,6 +240,24 @@ <h4 class=" pb-3">Edit case information</h4>
                                         </div>
                                     </div>
                                 </div>
+                                <div class="row">
+                                    <div class="col-xs-12 col-6">
+                                        <div class="input-group mb-2">
+                                            <div class="input-group-prepend fix-label-item">
+                                                <span class="input-group-text">Severity</span>
+                                            </div>
+                                            <select class="selectpicker form-control"
+                                                  id="case_quick_severity" name="severity_id">
+                                                {% for cst in severities %}
+                                                    <option value="{{ cst.severity_id }}" {% if data.severity_id == cst.severity_id %}selected{% endif %} class="badge-text">{{ cst.severity_name }}</option>
+                                                {% endfor %}
+                                            </select>
+                                        </div>
+                                    </div>
+                                    <div class="col-xs-12 col-6">
+
+                                    </div>
+                                </div>
                                 <div class="form-group px-0">
                                     <label for="asset_tags">Case tags
                                     </label>
@@ -416,6 +438,10 @@ <h5>Protagonist</h5>
         title: "Customer",
         style: "btn-outline-white"
     });
-
+    $('#case_quick_severity').selectpicker({
+        liveSearch: true,
+        title: "Severity",
+        style: "btn-outline-white"
+    });
     access_case_info_reload('{{ data.case_id }}', '{{ data.owner_id }}', '{{ data.reviewer_id }}');
 </script>
diff --git a/source/app/blueprints/manage/templates/modal_evidence_types.html b/source/app/blueprints/manage/templates/modal_evidence_types.html
new file mode 100644
index 000000000..fa748f25b
--- /dev/null
+++ b/source/app/blueprints/manage/templates/modal_evidence_types.html
@@ -0,0 +1,38 @@
+<div class="modal-header">
+    <h4>Evidence Type</h4>
+    <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
+            aria-hidden="true">&times;</span></button>
+</div>
+<div class="modal-body">
+
+        <div class="container col-md-12">
+        <form method="post" action="" id="form_new_evidence_type" enctype="multipart/form-data">
+            <div class="col-md-12 col-lg-12 col-sm-12">
+                {{ form.hidden_tag() }}
+                <div class="form-group">
+                    <label for="name" class="mr-4">Name
+                    </label>
+                    {{ form.name(class='form-control',  autocomplete="off") }}
+                </div>
+                <div class="form-group mt-3">
+                    <label for="description" class="placeholder">Description</label>
+                    {{ form.description(class='form-control',  autocomplete="off") }}
+                </div>
+
+            {% if evidence_type.id %}
+                <button type="button" class="btn btn-outline-danger mt-5"
+                onclick="delete_evidence_type('{{ evidence_type.id }}');">Delete</button>
+                <button type="button" class="btn btn-outline-success ml-4 mt-5 float-right"
+                id="submit_new_evidence_type">Update</button>
+
+            {% else %}
+
+                <button type="button" class="btn btn-outline-success ml-4 mt-5 float-right"
+                id="submit_new_evidence_type">Save</button>
+
+            {% endif %}
+            </div>
+        </form>
+    </div>
+
+</div>
diff --git a/source/app/blueprints/overview/templates/overview.html b/source/app/blueprints/overview/templates/overview.html
index a8ea7176c..03e3d4905 100644
--- a/source/app/blueprints/overview/templates/overview.html
+++ b/source/app/blueprints/overview/templates/overview.html
@@ -51,7 +51,6 @@
                                         cellspacing="0" id="overview_table">
                                     <thead>
                                         <tr>
-                                            <th></th>
                                             <th>Title</th>
                                             <th>Customer</th>
                                             <th>Classification</th>
@@ -65,7 +64,6 @@
                                     </thead>
                                     <tfoot>
                                         <tr>
-                                            <th></th>
                                             <th>Title</th>
                                             <th>Customer</th>
                                             <th>Classification</th>
diff --git a/source/app/configuration.py b/source/app/configuration.py
index c3029629f..5ac8b3212 100644
--- a/source/app/configuration.py
+++ b/source/app/configuration.py
@@ -265,7 +265,7 @@ class CeleryConfig:
 # --------- APP ---------
 class Config:
     # Handled by bumpversion
-    IRIS_VERSION = "v2.3.3"
+    IRIS_VERSION = "v2.3.4"
 
     API_MIN_VERSION = "2.0.0"
     API_MAX_VERSION = "2.0.3"
diff --git a/source/app/datamgmt/alerts/alerts_db.py b/source/app/datamgmt/alerts/alerts_db.py
index 8c03bcb47..777c5fc6f 100644
--- a/source/app/datamgmt/alerts/alerts_db.py
+++ b/source/app/datamgmt/alerts/alerts_db.py
@@ -17,15 +17,13 @@
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-from functools import reduce
-
 import json
-
 from datetime import datetime, timedelta
-
 from flask_login import current_user
+from functools import reduce
 from operator import and_
 from sqlalchemy import desc, asc, func, tuple_, or_
+from sqlalchemy.orm import aliased
 from sqlalchemy.orm import joinedload
 from typing import List, Tuple
 
@@ -35,17 +33,15 @@
 from app.datamgmt.case.case_events_db import update_event_assets, update_event_iocs
 from app.datamgmt.case.case_iocs_db import add_ioc, add_ioc_link
 from app.datamgmt.manage.manage_case_state_db import get_case_state_by_name
-from app.datamgmt.manage.manage_case_templates_db import case_template_pre_modifier, get_case_template_by_id, \
+from app.datamgmt.manage.manage_case_templates_db import get_case_template_by_id, \
     case_template_post_modifier
 from app.datamgmt.states import update_timeline_state
 from app.models import Cases, EventCategory, Tags, AssetsType, Comments, CaseAssets, alert_assets_association, \
     alert_iocs_association, Ioc, IocLink
 from app.models.alerts import Alert, AlertStatus, AlertCaseAssociation, SimilarAlertsCache, AlertResolutionStatus
-from app.schema.marshables import IocSchema, CaseAssetsSchema, EventSchema
+from app.schema.marshables import EventSchema
 from app.util import add_obj_history_entry
 
-from sqlalchemy.orm import aliased
-
 
 def db_list_all_alerts():
     """
@@ -430,6 +426,8 @@ def create_case_from_alert(alert: Alert, iocs_list: List[str], assets_list: List
         tag = tag.save()
         case.tags.append(tag)
 
+    case.severity_id = alert.alert_severity_id
+
     db.session.commit()
 
     # Link the alert to the case
diff --git a/source/app/datamgmt/case/case_db.py b/source/app/datamgmt/case/case_db.py
index 643d42938..47aaff7f7 100644
--- a/source/app/datamgmt/case/case_db.py
+++ b/source/app/datamgmt/case/case_db.py
@@ -17,21 +17,19 @@
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-import datetime
 
 import binascii
 from sqlalchemy import and_
 
 from app import db
 from app.models import Tags
+from app.models.authorization import User
 from app.models.cases import CaseProtagonist
-from app.models.cases import CaseTags
 from app.models.cases import Cases
 from app.models.models import CaseTemplateReport, ReviewStatus
 from app.models.models import Client
 from app.models.models import Languages
 from app.models.models import ReportType
-from app.models.authorization import User
 
 
 def get_case_summary(caseid):
diff --git a/source/app/datamgmt/case/case_rfiles_db.py b/source/app/datamgmt/case/case_rfiles_db.py
index c795216e7..5c766ad2d 100644
--- a/source/app/datamgmt/case/case_rfiles_db.py
+++ b/source/app/datamgmt/case/case_rfiles_db.py
@@ -33,18 +33,11 @@
 
 
 def get_rfiles(caseid):
-    crf = CaseReceivedFile.query.with_entities(
-        CaseReceivedFile.id,
-        CaseReceivedFile.file_uuid,
-        CaseReceivedFile.filename,
-        CaseReceivedFile.date_added,
-        CaseReceivedFile.file_hash,
-        CaseReceivedFile.file_description,
-        CaseReceivedFile.file_size,
-        User.name.label('username')
-    ).filter(
+    crf = CaseReceivedFile.query.filter(
         CaseReceivedFile.case_id == caseid
-    ).join(CaseReceivedFile.user).order_by(desc(CaseReceivedFile.date_added)).all()
+    ).order_by(
+        desc(CaseReceivedFile.date_added)
+    ).all()
 
     return crf
 
diff --git a/source/app/datamgmt/context/context_db.py b/source/app/datamgmt/context/context_db.py
index 3802f1db0..078322e69 100644
--- a/source/app/datamgmt/context/context_db.py
+++ b/source/app/datamgmt/context/context_db.py
@@ -16,7 +16,7 @@
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-from sqlalchemy import and_
+from sqlalchemy import and_, case, or_, asc
 from sqlalchemy import desc
 
 from app.models import Cases
@@ -26,16 +26,22 @@
 
 
 def ctx_get_user_cases(user_id, max_results: int = 100):
+    user_priority_sort = case(
+        [(Cases.owner_id == user_id, 0)],
+        else_=1
+    )
     uceas = UserCaseEffectiveAccess.query.with_entities(
         Cases.case_id,
         Cases.name,
         Client.name.label('customer_name'),
         Cases.close_date,
+        Cases.owner_id,
         UserCaseEffectiveAccess.access_level
     ).join(
         UserCaseEffectiveAccess.case,
         Cases.client
     ).order_by(
+        asc(user_priority_sort),
         desc(Cases.case_id)
     ).filter(
         UserCaseEffectiveAccess.user_id == user_id
@@ -58,23 +64,44 @@ def ctx_get_user_cases(user_id, max_results: int = 100):
 
 
 def ctx_search_user_cases(search, user_id, max_results: int = 100):
+    user_priority_sort = case(
+        [(Cases.owner_id == user_id, 0)],
+        else_=1
+    ).label("user_priority")
+
+    print(search)
+
+    conditions = []
+    if not search:
+        conditions.append(UserCaseEffectiveAccess.user_id == user_id)
+
+    else:
+        conditions.append(and_(
+            UserCaseEffectiveAccess.user_id == user_id,
+            or_(
+                Cases.name.ilike('%{}%'.format(search)),
+                Client.name.ilike('%{}%'.format(search))
+        )))
+
     uceas = UserCaseEffectiveAccess.query.with_entities(
         Cases.case_id,
         Cases.name,
+        Cases.owner_id,
         Client.name.label('customer_name'),
         Cases.close_date,
         UserCaseEffectiveAccess.access_level
     ).join(
-        UserCaseEffectiveAccess.case,
+        UserCaseEffectiveAccess.case
+    ).join(
         Cases.client
     ).order_by(
+        user_priority_sort,
         desc(Cases.case_id)
-    ).filter(and_(
-        UserCaseEffectiveAccess.user_id == user_id,
-        Cases.name.ilike('%{}%'.format(search))
-    )
+    ).filter(
+        *conditions
     ).limit(max_results).all()
 
+
     results = []
     for ucea in uceas:
         if ucea.access_level & CaseAccessLevel.deny_all.value == CaseAccessLevel.deny_all.value:
diff --git a/source/app/datamgmt/manage/manage_cases_db.py b/source/app/datamgmt/manage/manage_cases_db.py
index 36fde4c1a..a1acf7645 100644
--- a/source/app/datamgmt/manage/manage_cases_db.py
+++ b/source/app/datamgmt/manage/manage_cases_db.py
@@ -17,19 +17,18 @@
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-from pathlib import Path
-
 from datetime import datetime
-from sqlalchemy import and_
-from sqlalchemy.orm import aliased, contains_eager, subqueryload
+from pathlib import Path
+from sqlalchemy import and_, desc, asc
+from sqlalchemy.orm import aliased
+from sqlalchemy.util import reduce
 
-from app import db
+from app import db, app
 from app.datamgmt.alerts.alerts_db import search_alert_resolution_by_name
 from app.datamgmt.case.case_db import get_case_tags
-from app.datamgmt.manage.manage_case_classifications_db import get_case_classification_by_id
 from app.datamgmt.manage.manage_case_state_db import get_case_state_by_name
 from app.datamgmt.states import delete_case_states
-from app.models import CaseAssets, CaseClassification, alert_assets_association, CaseStatus, TaskAssignee, TaskComments
+from app.models import CaseAssets, CaseClassification, alert_assets_association, CaseStatus, TaskAssignee
 from app.models import CaseEventCategory
 from app.models import CaseEventsAssets
 from app.models import CaseEventsIoc
@@ -45,16 +44,15 @@
 from app.models import Notes
 from app.models import NotesGroup
 from app.models import NotesGroupLink
-from app.models.alerts import Alert, AlertCaseAssociation
+from app.models import UserActivity
+from app.models.alerts import AlertCaseAssociation
 from app.models.authorization import CaseAccessLevel
 from app.models.authorization import GroupCaseAccess
 from app.models.authorization import OrganisationCaseAccess
 from app.models.authorization import User
-from app.models import UserActivity
 from app.models.authorization import UserCaseAccess
 from app.models.authorization import UserCaseEffectiveAccess
 from app.models.cases import CaseProtagonist, CaseTags, CaseState
-from app.schema.marshables import CaseDetailsSchema
 
 
 def list_cases_id():
@@ -192,6 +190,9 @@ def map_alert_resolution_to_case_status(case_status_id):
     elif case_status_id == CaseStatus.true_positive_without_impact.value:
         ares = search_alert_resolution_by_name('True Positive Without Impact', exact_match=True)
 
+    elif case_status_id == CaseStatus.unknown.value:
+        ares = search_alert_resolution_by_name('Unknown', exact_match=True)
+
     else:
         ares = search_alert_resolution_by_name('Not Applicable', exact_match=True)
 
@@ -373,3 +374,105 @@ def delete_case(case_id):
     db.session.commit()
 
     return True
+
+
+def get_filtered_cases(start_open_date: str = None,
+                       end_open_date: str = None,
+                       case_customer_id: int = None,
+                       case_ids: list = None,
+                       case_name: str = None,
+                       case_description: str = None,
+                       case_classification_id: int = None,
+                       case_owner_id: int = None,
+                       case_opening_user_id: int = None,
+                       case_severity_id: int = None,
+                       case_state_id: int = None,
+                       case_soc_id: str = None,
+                       sort: str = None,
+                       per_page: int = None,
+                       page: int = None,
+                       current_user_id = None
+                       ):
+    """
+    Get a list of cases from the database, filtered by the given parameters
+
+    args:
+        start_open_date (str): The start date of the open date range
+        end_open_date (str): The end date of the open date range
+        case_customer_id (int): The ID of the customer to filter by
+        case_ids (list): A list of case IDs to filter by
+        case_name (str): The name of the case to filter by
+        case_description (str): The description of the case to filter by
+        case_classification_id (int): The ID of the classification to filter by
+        case_owner_id (int): The ID of the owner to filter by
+        case_opening_user_id (int): The ID of the user who opened the case to filter by
+        case_severity_id (int): The ID of the severity to filter by
+        case_state_id (int): The ID of the state to filter by
+        case_soc_id (str): The ID of the SOC to filter by
+        sort (str): The sort order to use
+        per_page (int): The number of cases to return per page
+        page (int): The page number to return
+        current_user_id (int): The ID of the current user
+
+    returns:
+        list: A list of cases
+    """
+    conditions = []
+
+    if start_open_date is not None and end_open_date is not None:
+        conditions.append(Cases.open_date.between(start_open_date, end_open_date))
+
+    if case_customer_id is not None:
+        conditions.append(Cases.client_id == case_customer_id)
+
+    if case_ids is not None:
+        conditions.append(Cases.case_id.in_(case_ids))
+
+    if case_name is not None:
+        conditions.append(Cases.name.ilike(f'%{case_name}%'))
+
+    if case_description is not None:
+        conditions.append(Cases.description.ilike(f'%{case_description}%'))
+
+    if case_classification_id is not None:
+        conditions.append(Cases.classification_id == case_classification_id)
+
+    if case_owner_id is not None:
+        conditions.append(Cases.owner_id == case_owner_id)
+
+    if case_opening_user_id is not None:
+        conditions.append(Cases.user_id == case_opening_user_id)
+
+    if case_severity_id is not None:
+        conditions.append(Cases.severity_id == case_severity_id)
+
+    if case_state_id is not None:
+        conditions.append(Cases.state_id == case_state_id)
+
+    if case_soc_id is not None:
+        conditions.append(Cases.soc_id == case_soc_id)
+
+    if len(conditions) > 1:
+        conditions = [reduce(and_, conditions)]
+
+    # filter out cases the user doesn't have access to
+    conditions.append(Cases.case_id.in_(user_list_cases_view(current_user_id)))
+
+    order_func = desc if sort == "desc" else asc
+
+    try:
+
+        # Query the cases using the filter conditions
+        filtered_cases = db.session.query(
+            Cases
+        ).filter(
+            *conditions
+        ).order_by(
+            order_func(Cases.case_id)
+        ).paginate(page=page, per_page=per_page, error_out=False)
+
+    except Exception as e:
+        app.logger.exception(f"Error getting cases: {str(e)}")
+        return None
+
+    return filtered_cases
diff --git a/source/app/datamgmt/manage/manage_evidence_types_db.py b/source/app/datamgmt/manage/manage_evidence_types_db.py
new file mode 100644
index 000000000..e8e7e6112
--- /dev/null
+++ b/source/app/datamgmt/manage/manage_evidence_types_db.py
@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+#
+#  IRIS Source Code
+#  contact@dfir-iris.org
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation; either
+#  version 3 of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software Foundation,
+#  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+from sqlalchemy import func
+from typing import List
+
+from app.models import EvidenceTypes, CaseReceivedFile
+
+
+def get_evidence_types_list() -> List[dict]:
+    """Get a list of evidence types
+
+    Returns:
+        List[dict]: List of evidence types
+    """
+    evidence_types = EvidenceTypes.query.with_entities(
+        EvidenceTypes.id,
+        EvidenceTypes.name,
+        EvidenceTypes.description,
+        EvidenceTypes.creation_date
+    ).all()
+
+    c_cl = [row._asdict() for row in evidence_types]
+    return c_cl
+
+
+def get_evidence_type_by_id(cur_id: int) -> EvidenceTypes:
+    """Get an evidence type from its ID
+
+    Args:
+        cur_id (int): evidence type id
+
+    Returns:
+        EvidenceTypes: Evidence Type
+    """
+    evidence_type = EvidenceTypes.query.filter_by(id=cur_id).first()
+    return evidence_type
+
+
+def verify_evidence_type_in_use(cur_id: int) -> bool:
+    """Returns true if the evidence type is in use
+
+    Args:
+        cur_id (int): Evidence type id to check
+
+    Returns:
+        Bool: True if in us
+    """
+    exists = CaseReceivedFile.query.filter(
+        CaseReceivedFile.type_id == cur_id
+    ).first()
+
+    return exists is not None
+
+
+def get_evidence_type_by_name(cur_name: str) -> EvidenceTypes:
+    """Get an evidence type
+
+    Args:
+        cur_name (str): evidence type name
+
+    Returns:
+        EvidenceTypes: Evidence type
+    """
+    case_classification = EvidenceTypes.query.filter_by(name=cur_name).first()
+    return case_classification
+
+
+def search_evidence_type_by_name(name: str, exact_match: bool = False) -> List[dict]:
+    """Search for an evidence type by name
+
+    Args:
+        name (str): evidence type name
+        exact_match (bool, optional): Exact match. Defaults to False.
+
+    Returns:
+        List[dict]: List of evidence types
+    """
+    if exact_match:
+        query_filter = (func.lower(EvidenceTypes.name) == name.lower())
+    else:
+        query_filter = (EvidenceTypes.name.ilike(f'%{name}%'))
+
+    return EvidenceTypes.query.filter(query_filter).all()
diff --git a/source/app/datamgmt/reporter/report_db.py b/source/app/datamgmt/reporter/report_db.py
index 8ae758837..4403ebebd 100644
--- a/source/app/datamgmt/reporter/report_db.py
+++ b/source/app/datamgmt/reporter/report_db.py
@@ -46,6 +46,7 @@
 from app.models import TaskStatus
 from app.models import Tlp
 from app.models.authorization import User
+from app.schema.marshables import CaseDetailsSchema
 
 
 def export_case_json(case_id):
@@ -197,28 +198,12 @@ def export_caseinfo_json(case_id):
 
     case = Cases.query.filter(
         Cases.case_id == case_id
-    ).with_entities(
-        Cases.name,
-        Cases.open_date,
-        Cases.description,
-        Cases.soc_id,
-        User.name.label('opened_by'),
-        Client.name.label('for_customer'),
-        Cases.close_date,
-        Cases.custom_attributes,
-        Cases.case_id,
-        Cases.case_uuid,
-        Cases.status_id
-    ).join(
-        Cases.user, Cases.client
     ).first()
 
     if not case:
         return None
 
-    case = case._asdict()
-
-    case['status_name'] = CaseStatus(case['status_id']).name
+    case = CaseDetailsSchema().dump(case)
 
     return case
 
diff --git a/source/app/forms.py b/source/app/forms.py
index ae1dadbc5..a8638f72e 100644
--- a/source/app/forms.py
+++ b/source/app/forms.py
@@ -84,6 +84,11 @@ class CaseClassificationForm(FlaskForm):
     description = StringField(u'Case classification description', validators=[DataRequired()])
 
 
+class EvidenceTypeForm(FlaskForm):
+    name = StringField(u'Evidence type name', validators=[DataRequired()])
+    description = StringField(u'Evidence type description', validators=[DataRequired()])
+
+
 class CaseStateForm(FlaskForm):
     state_name = StringField(u'Case state name', validators=[DataRequired()])
     state_description = StringField(u'Case state description', validators=[DataRequired()])
diff --git a/source/app/models/cases.py b/source/app/models/cases.py
index 3eff8027d..a34f79ddb 100644
--- a/source/app/models/cases.py
+++ b/source/app/models/cases.py
@@ -70,6 +70,7 @@ class Cases(db.Model):
     classification_id = Column(ForeignKey('case_classification.id'))
     reviewer_id = Column(ForeignKey('user.id'), nullable=True)
     review_status_id = Column(ForeignKey('review_status.id'), nullable=True)
+    severity_id = Column(ForeignKey('severities.severity_id'), nullable=True)
 
     modification_history = Column(JSON)
 
@@ -78,6 +79,7 @@ class Cases(db.Model):
     owner = relationship('User', foreign_keys=[owner_id])
     classification = relationship('CaseClassification')
     reviewer = relationship('User', foreign_keys=[reviewer_id])
+    severity = relationship('Severity')
 
     alerts = relationship('Alert', secondary="alert_case_association", back_populates='cases', viewonly=True)
 
diff --git a/source/app/models/models.py b/source/app/models/models.py
index 414fa083b..26c231232 100644
--- a/source/app/models/models.py
+++ b/source/app/models/models.py
@@ -218,6 +218,18 @@ class CaseClassification(db.Model):
     created_by = relationship('User')
 
 
+class EvidenceTypes(db.Model):
+    __tablename__ = 'evidence_type'
+
+    id = Column(Integer, primary_key=True)
+    name = Column(Text)
+    description = Column(Text)
+    creation_date = Column(DateTime, server_default=func.now(), nullable=True)
+    created_by_id = Column(ForeignKey('user.id'), nullable=True)
+
+    created_by = relationship('User')
+
+
 class CaseTemplate(db.Model):
     __tablename__ = 'case_template'
 
@@ -571,15 +583,21 @@ class CaseReceivedFile(db.Model):
     file_uuid = Column(UUID(as_uuid=True), default=uuid.uuid4, server_default=text("gen_random_uuid()"), nullable=False)
     filename = Column(Text)
     date_added = Column(DateTime)
-    file_hash = Column(String(65))
+    acquisition_date = Column(DateTime)
+    file_hash = Column(Text)
     file_description = Column(Text)
     file_size = Column(BigInteger)
+    start_date = Column(DateTime)
+    end_date = Column(DateTime)
     case_id = Column(ForeignKey('cases.case_id'))
     user_id = Column(ForeignKey('user.id'))
+    type_id = Column(ForeignKey('evidence_type.id'))
     custom_attributes = Column(JSON)
+    chain_of_custody = Column(JSON)
 
     case = relationship('Cases')
     user = relationship('User')
+    type = relationship('EvidenceTypes')
 
 
 class TaskStatus(db.Model):
diff --git a/source/app/post_init.py b/source/app/post_init.py
index 9712f5c54..bceb0c16f 100644
--- a/source/app/post_init.py
+++ b/source/app/post_init.py
@@ -58,7 +58,7 @@
 from app.models.authorization import User
 from app.models.cases import Cases, CaseState
 from app.models.cases import Client
-from app.models.models import AnalysisStatus, CaseClassification, ReviewStatus, ReviewStatusList
+from app.models.models import AnalysisStatus, CaseClassification, ReviewStatus, ReviewStatusList, EvidenceTypes
 from app.models.models import AssetsType
 from app.models.models import EventCategory
 from app.models.models import IocType
@@ -127,8 +127,8 @@ def run_post_init(development=False):
         # Attempt to connect to the database with retries
         log.info("Attempting to connect to the database...")
         for i in range(retry_count):
-            log.info("Connecting to database, attempt " + str(i+1) + "/" + str(retry_count))
-            conn = connect_to_database(db_host,db_port)
+            log.info("Connecting to database, attempt " + str(i + 1) + "/" + str(retry_count))
+            conn = connect_to_database(db_host, db_port)
             if conn is not None:
                 break
             log.info("Retrying in " + str(retry_delay) + "seconds...")
@@ -166,7 +166,8 @@ def run_post_init(development=False):
 
         prevent_objects = srv_settings.prevent_post_objects_repush
 
-        # Create base languages, OS types, IOC types, attributes, report types, TLP, event categories, assets, analysis status, case classification, task status, severities, alert status, case states, and hooks
+        # Create base languages, OS types, IOC types, attributes, report types, TLP, event categories, assets,
+        # analysis status, case classification, task status, severities, alert status, case states, and hooks
         log.info("Creating base languages")
         create_safe_languages()
 
@@ -209,6 +210,9 @@ def run_post_init(development=False):
         log.info("Creating base alert status")
         create_safe_alert_status()
 
+        log.info("Creating base evidence types")
+        create_safe_evidence_types()
+
         log.info("Creating base alert resolution status")
         create_safe_alert_resolution_status()
 
@@ -254,10 +258,10 @@ def run_post_init(development=False):
             log.warning("| DO NOT USE IN PRODUCTION |")
             log.warning("============================")
             users_data = create_demo_users(def_org, gadm, ganalysts,
-                              int(app.config.get('DEMO_USERS_COUNT', 10)),
-                              app.config.get('DEMO_USERS_SEED'),
-                              int(app.config.get('DEMO_ADM_COUNT', 4)),
-                              app.config.get('DEMO_ADM_SEED'))
+                                           int(app.config.get('DEMO_USERS_COUNT', 10)),
+                                           app.config.get('DEMO_USERS_SEED'),
+                                           int(app.config.get('DEMO_ADM_COUNT', 4)),
+                                           app.config.get('DEMO_ADM_SEED'))
 
             create_demo_cases(users_data=users_data,
                               cases_count=int(app.config.get('DEMO_CASES_COUNT', 20)),
@@ -274,6 +278,7 @@ def run_post_init(development=False):
             log.info(f'You can now login with user {admin.user} and password >>> {pwd} <<< '
                      f'on {os.getenv("INTERFACE_HTTPS_PORT")}')
 
+
 def create_safe_db(db_name):
     """Creates a new database with the specified name if it does not already exist.
 
@@ -296,10 +301,10 @@ def create_safe_hooks():
     # --- Alert
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_create',
                 hook_description='Triggered on alert creation, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_delete',
                 hook_description='Triggered on alert deletion, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_update',
                 hook_description='Triggered on alert update, after commit in DB')
 
@@ -308,20 +313,19 @@ def create_safe_hooks():
 
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_status_update',
                 hook_description='Triggered on alert status update, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_escalate',
                 hook_description='Triggered on alert escalation, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_merge',
                 hook_description='Triggered on alert merge, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_alert_unmerge',
                 hook_description='Triggered on alert unmerge, after commit in DB')
 
     create_safe(db.session, IrisHook, hook_name='on_manual_trigger_alert',
                 hook_description='Triggered upon user action')
 
-    
     # --- Case
     create_safe(db.session, IrisHook, hook_name='on_preload_case_create',
                 hook_description='Triggered on case creation, before commit in DB')
@@ -332,10 +336,10 @@ def create_safe_hooks():
                 hook_description='Triggered on case deletion, before commit in DB')
     create_safe(db.session, IrisHook, hook_name='on_postload_case_delete',
                 hook_description='Triggered on case deletion, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_postload_case_update',
                 hook_description='Triggered on case update, after commit in DB')
-    
+
     create_safe(db.session, IrisHook, hook_name='on_manual_trigger_case',
                 hook_description='Triggered upon user action')
 
@@ -707,8 +711,8 @@ def create_safe_alert_status():
     # Create new AlertStatus objects for each status
     create_safe(db.session, AlertStatus, status_name='Unspecified', status_description="Unspecified")
     create_safe(db.session, AlertStatus, status_name='New', status_description="Alert is new and unassigned")
-    create_safe(db.session, AlertStatus, status_name='Assigned', status_description="Alert is assigned to a user and pending "
-                                                                      "investigation")
+    create_safe(db.session, AlertStatus, status_name='Assigned', status_description="Alert is assigned to a user and "
+                                                                                    "pending investigation")
     create_safe(db.session, AlertStatus, status_name='In progress', status_description="Alert is being investigated")
     create_safe(db.session, AlertStatus, status_name='Pending', status_description="Alert is in a pending state")
     create_safe(db.session, AlertStatus, status_name='Closed', status_description="Alert closed, no action taken")
@@ -716,6 +720,90 @@ def create_safe_alert_status():
     create_safe(db.session, AlertStatus, status_name='Escalated', status_description="Alert converted to a new case")
 
 
+def create_safe_evidence_types():
+    """Creates new Evidence Types objects if they do not already exist.
+
+    This function creates new Evidence Types objects with the specified type name
+    and type description if they do not already exist in the database.
+
+    """
+    # Create new EvidenceType objects for each status
+    create_safe(db.session, EvidenceTypes, name='Unspecified', description="Unspecified")
+
+    create_safe(db.session, EvidenceTypes, name='HDD image - Generic', description="Generic copy of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - DD - Other', description="DD copy of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - DD - Windows', description="DD copy of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - DD - Unix', description="DD copy of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - DD - MacOS', description="DD copy of an hard drive")
+
+    create_safe(db.session, EvidenceTypes, name='HDD image - E01 - Other', description="E01 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - E01 - Windows', description="E01 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - E01 - Unix', description="E01 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - E01 - MacOS', description="E01 acquisition of an hard drive")
+
+    create_safe(db.session, EvidenceTypes, name='HDD image - AFF4 - Other', description="AFF4 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - AFF4 - Windows', description="AFF4 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - AFF4 - Unix', description="AFF4 acquisition of an hard drive")
+    create_safe(db.session, EvidenceTypes, name='HDD image - AFF4 - MacOS', description="AFF4 acquisition of an hard drive")
+
+    create_safe(db.session, EvidenceTypes, name='SSD image - Generic', description="Generic copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - DD - Other', description="DD copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - DD - Windows', description="DD copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - DD - Unix', description="DD copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - DD - MacOS', description="DD copy of an solid state drive")
+
+    create_safe(db.session, EvidenceTypes, name='SSD image - E01 - Other', description="EO1 copy of a solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - E01 - Windows', description="EO1 copy of a solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - E01 - Unix', description="EO1 copy of a solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - E01 - MacOS', description="EO1 copy of MacOS on a solid state drive")
+
+    create_safe(db.session, EvidenceTypes, name='SSD image - AFF4 - Other', description="AFF4 copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - AFF4 - Windows', description="AFF4 copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - AFF4 - Unix', description="AFF4 copy of an solid state drive")
+    create_safe(db.session, EvidenceTypes, name='SSD image - AFF4 - MacOS', description="AFF4 copy of an solid state drive")
+
+    create_safe(db.session, EvidenceTypes, name='VM image - Generic', description="Generic copy of a VM ")
+    create_safe(db.session, EvidenceTypes, name='VM image - Linux Server', description="Copy of a Linux Server VM")
+    create_safe(db.session, EvidenceTypes, name='VM image - Windows Server', description="Copy of a Windows Server VM")
+    create_safe(db.session, EvidenceTypes, name='VM image - Windows Server', description="Copy of a Windows Server VM")
+
+    create_safe(db.session, EvidenceTypes, name='Phone Image - Android', description="Copy of an Android phone")
+    create_safe(db.session, EvidenceTypes, name='Phone Image - iPhone', description="Copy of an iPhone")
+    create_safe(db.session, EvidenceTypes, name='Phone backup - Android (adb)', description="adb backup of an Android")
+    create_safe(db.session, EvidenceTypes, name='Phone backup - iPhone (iTunes)', description="iTunes backup of an iPhone")
+
+    create_safe(db.session, EvidenceTypes, name='Tablet Image - Android', description="Copy of an Android tablet")
+    create_safe(db.session, EvidenceTypes, name='Tablet Image - iPad', description="Copy of an iPad tablet")
+    create_safe(db.session, EvidenceTypes, name='Tablet backup - Android (adb)', description="adb backup of an Android tablet")
+    create_safe(db.session, EvidenceTypes, name='Tablet backup - iPad (iTunes)', description="iTunes backup of an iPad")
+
+    create_safe(db.session, EvidenceTypes, name='Collection - Velociraptor', description="Velociraptor collection")
+    create_safe(db.session, EvidenceTypes, name='Collection - ORC', description="ORC collection")
+    create_safe(db.session, EvidenceTypes, name='Collection - KAPE', description="KAPE collection")
+
+    create_safe(db.session, EvidenceTypes, name="Memory acquisition - Physical RAM", description="Physical RAM acquisition")
+    create_safe(db.session, EvidenceTypes, name="Memory acquisition - VMEM", description="vmem file")
+
+    create_safe(db.session, EvidenceTypes, name="Logs - Linux", description="Standard Linux logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Windows EVTX", description="Standard Windows EVTX logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Windows EVT", description="Standard Windows EVT logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - MacOS", description="Standard MacOS logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Generic", description="Generic logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Firewall", description="Firewall logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Proxy", description="Proxy logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - DNS", description="DNS logs")
+    create_safe(db.session, EvidenceTypes, name="Logs - Email", description="Email logs")
+
+    create_safe(db.session, EvidenceTypes, name="Executable - Windows (PE)", description="Generic Windows executable")
+    create_safe(db.session, EvidenceTypes, name="Executable - Linux (ELF)", description="Generic Linux executable")
+    create_safe(db.session, EvidenceTypes, name="Executable - MacOS (Mach-O)", description="Generic MacOS executable")
+    create_safe(db.session, EvidenceTypes, name="Executable - Generic", description="Generic executable")
+
+    create_safe(db.session, EvidenceTypes, name="Script - Generic", description="Generic script")
+
+    create_safe(db.session, EvidenceTypes, name="Generic - Data blob", description="Generic blob of data")
+
+
 def create_safe_alert_resolution_status():
     """Creates new AlertResolutionStatus objects if they do not already exist.
 
@@ -731,6 +819,8 @@ def create_safe_alert_resolution_status():
                 resolution_status_description="The alert was a true positive but had no impact")
     create_safe(db.session, AlertResolutionStatus, resolution_status_name='Not Applicable',
                 resolution_status_description="The alert is not applicable")
+    create_safe(db.session, AlertResolutionStatus, resolution_status_name='Unknown',
+                resolution_status_description="Unknown resolution status")
 
 
 def create_safe_case_states():
@@ -889,7 +979,8 @@ def create_safe_auth_model():
     # Create new Analysts Group object
     try:
         ganalysts = get_or_create(db.session, Group, group_name="Analysts", group_description="Standard Analysts",
-                                  group_auto_follow=True, group_auto_follow_access_level=CaseAccessLevel.full_access.value,
+                                  group_auto_follow=True,
+                                  group_auto_follow_access_level=CaseAccessLevel.full_access.value,
                                   group_permissions=ac_get_mask_analyst())
 
     except exc.IntegrityError:
@@ -1071,363 +1162,471 @@ def create_safe_attributes():
 
 
 def create_safe_ioctypes():
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="AS", type_description="Autonomous system", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="aba-rtn", type_description="ABA routing transit number",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="account", type_description="Account of any type",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="anonymised",
-                type_description="Anonymised value - described with the anonymisation object via a relationship",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="attachment", type_description="Attachment with external information",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="authentihash",
-                type_description="Authenticode executable signature hash", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters"
-                )
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="boolean", type_description="Boolean value - to be used in objects",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="btc", type_description="Bitcoin Address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="campaign-id", type_description="Associated campaign ID",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="campaign-name", type_description="Associated campaign name",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="cdhash",
-                type_description="An Apple Code Directory Hash, identifying a code-signed Mach-O executable file",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="chrome-extension-id", type_description="Chrome extension id",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="community-id",
-                type_description="a community ID flow hashing algorithm to map multiple traffic monitors into common flow id",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="cookie",
-                type_description="HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="dash", type_description="Dash Address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="datetime", type_description="Datetime in the ISO 8601 format",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="dkim", type_description="DKIM public key", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="dkim-signature", type_description="DKIM signature", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="dns-soa-email",
-                type_description="RFC1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="domain", type_description="A domain name used in the malware",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="domain|ip",
-                type_description="A domain name and its IP address (as found in DNS lookup) separated by a |",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email", type_description="An e-mail address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-attachment",
-                type_description="File name of the email attachment.", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-body", type_description="Email body", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-dst",
-                type_description="The destination email address. Used to describe the recipient when describing an e-mail.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-dst-display-name",
-                type_description="Email destination display name", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-header", type_description="Email header", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-message-id", type_description="The email message ID",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-mime-boundary",
-                type_description="The email mime boundary separating parts in a multipart email", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-reply-to", type_description="Email reply to header",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-src",
-                type_description="The source email address. Used to describe the sender when describing an e-mail.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-src-display-name", type_description="Email source display name",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-subject", type_description="The subject of the email",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-thread-index", type_description="The email thread index header",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="email-x-mailer", type_description="Email x-mailer header",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="favicon-mmh3",
-                type_description="favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan.", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename", type_description="Filename", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename-pattern", type_description="A pattern in the name of a file",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|authentihash", type_description="A checksum in md5 format",
-                type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{64}', type_validation_expect="filename|64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|impfuzzy",
-                type_description="Import fuzzy hash - a fuzzy hash created based on the imports in the sample.",
-                type_taxonomy="", )
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|imphash",
-                type_description="Import hash - a hash created based on the imports in the sample.", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{32}', type_validation_expect="filename|32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|md5",
-                type_description="A filename and an md5 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{32}', type_validation_expect="filename|32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|pehash",
-                type_description="A filename and a PEhash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{40}', type_validation_expect="filename|40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha1",
-                type_description="A filename and an sha1 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{40}', type_validation_expect="filename|40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha224",
-                type_description="A filename and a sha-224 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{56}', type_validation_expect="filename|56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha256",
-                type_description="A filename and an sha256 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{64}', type_validation_expect="filename|64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha3-224",
-                type_description="A filename and an sha3-224 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{56}', type_validation_expect="filename|56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha3-256",
-                type_description="A filename and an sha3-256 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{64}', type_validation_expect="filename|64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha3-384",
-                type_description="A filename and an sha3-384 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{96}', type_validation_expect="filename|96 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha3-512",
-                type_description="A filename and an sha3-512 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{128}', type_validation_expect="filename|128 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha384",
-                type_description="A filename and a sha-384 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{96}', type_validation_expect="filename|96 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha512",
-                type_description="A filename and a sha-512 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{128}', type_validation_expect="filename|128 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha512/224",
-                type_description="A filename and a sha-512/224 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{56}', type_validation_expect="filename|56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|sha512/256",
-                type_description="A filename and a sha-512/256 hash separated by a |", type_taxonomy="",
-                type_validation_regex='.+\|[a-f0-9]{64}', type_validation_expect="filename|64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|ssdeep", type_description="A checksum in ssdeep format",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|tlsh",
-                type_description="A filename and a Trend Micro Locality Sensitive Hash separated by a |",
-                type_taxonomy="",
-                type_validation_regex='.+\|t?[a-f0-9]{35,}',
-                type_validation_expect="filename|at least 35 hexadecimal characters, optionally starting with t1 instead of hexadecimal characters"
-                )
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="filename|vhash",
-                type_description="A filename and a VirusTotal hash separated by a |", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="first-name", type_description="First name of a natural person",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="float", type_description="A floating point value.", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="full-name", type_description="Full name of a natural person",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="gene", type_description="GENE - Go Evtx sigNature Engine",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="git-commit-id", type_description="A git commit ID.", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="github-organisation", type_description="A github organisation",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="github-repository", type_description="A github repository",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="github-username", type_description="A github user name",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="hassh-md5",
-                type_description="hassh is a network fingerprinting standard which can be used to identify specific Client SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="hasshserver-md5",
-                type_description="hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="hex", type_description="A value in hexadecimal format",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="hostname", type_description="A full host/dnsname of an attacker",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="hostname|port",
-                type_description="Hostname and port number separated by a |", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="http-method",
-                type_description="HTTP method used by the malware (e.g. POST, GET, …).", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="iban", type_description="International Bank Account Number",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="identity-card-number", type_description="Identity card number",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="impfuzzy",
-                type_description="A fuzzy hash of import table of Portable Executable format", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="imphash",
-                type_description="Import hash - a hash created based on the imports in the sample.", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ip-any",
-                type_description="A source or destination IP address of the attacker or C&C server", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ip-dst",
-                type_description="A destination IP address of the attacker or C&C server", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ip-dst|port",
-                type_description="IP destination and port number separated by a |", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ip-src", type_description="A source IP address of the attacker",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ip-src|port",
-                type_description="IP source and port number separated by a |", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ja3-fingerprint-md5",
-                type_description="JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="jabber-id", type_description="Jabber ID", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="jarm-fingerprint",
-                type_description="JARM is a method for creating SSL/TLS server fingerprints.", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{62}", type_validation_expect="62 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="kusto-query",
-                type_description="Kusto query - Kusto from Microsoft Azure is a service for storing and running interactive analytics over Big Data.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="link", type_description="Link to an external information",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="mac-address", type_description="Mac address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="mac-eui-64", type_description="Mac EUI-64 address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="malware-sample",
-                type_description="Attachment containing encrypted malware sample", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="malware-type", type_description="Malware type", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="md5", type_description="A checksum in md5 format", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="middle-name", type_description="Middle name of a natural person",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="mime-type",
-                type_description="A media type (also MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="mobile-application-id",
-                type_description="The application id of a mobile application", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="mutex",
-                type_description="Mutex, use the format \BaseNamedObjects<Mutex>", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="named pipe",
-                type_description="Named pipe, use the format .\pipe<PipeName>", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="other", type_description="Other attribute", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="file-path",
-                type_description="Path of file", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pattern-in-file",
-                type_description="Pattern in file that identifies the malware", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pattern-in-memory",
-                type_description="Pattern in memory dump that identifies the malware", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pattern-in-traffic",
-                type_description="Pattern in network traffic that identifies the malware", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pdb",
-                type_description="Microsoft Program database (PDB) path information", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pehash",
-                type_description="PEhash - a hash calculated based of certain pieces of a PE executable file",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pgp-private-key", type_description="A PGP private key",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="pgp-public-key", type_description="A PGP public key", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="phone-number", type_description="Telephone Number", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="port", type_description="Port number", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="process-state", type_description="State of a process", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="prtn", type_description="Premium-Rate Telephone Number",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="regkey", type_description="Registry key or value", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="regkey|value", type_description="Registry value + data separated by |",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha1", type_description="A checksum in sha1 format", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha224", type_description="A checksum in sha-224 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha256", type_description="A checksum in sha256 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha3-224", type_description="A checksum in sha3-224 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha3-256", type_description="A checksum in sha3-256 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha3-384", type_description="A checksum in sha3-384 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{96}", type_validation_expect="96 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha3-512", type_description="A checksum in sha3-512 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{128}", type_validation_expect="128 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha384", type_description="A checksum in sha-384 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{96}", type_validation_expect="96 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha512", type_description="A checksum in sha-512 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{128}", type_validation_expect="128 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha512/224", type_description="A checksum in the sha-512/224 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sha512/256", type_description="A checksum in the sha-512/256 format",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="sigma",
-                type_description="Sigma - Generic Signature Format for SIEM Systems", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="size-in-bytes", type_description="Size expressed in bytes",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="snort", type_description="An IDS rule in Snort rule-format",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ssdeep", type_description="A checksum in ssdeep format",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="ssh-fingerprint", type_description="A fingerprint of SSH key material",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="stix2-pattern", type_description="STIX 2 pattern", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-email", type_description="Attack Targets Email(s)",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-external",
-                type_description="External Target Organizations Affected by this Attack", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-location",
-                type_description="Attack Targets Physical Location(s)", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-machine", type_description="Attack Targets Machine Name(s)",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-org",
-                type_description="Attack Targets Department or Organization(s)", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="target-user", type_description="Attack Targets Username(s)",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="telfhash",
-                type_description="telfhash is symbol hash for ELF files, just like imphash is imports hash for PE files.",
-                type_taxonomy="",
-                type_validation_regex="[a-f0-9]{70}", type_validation_expect="70 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="text", type_description="Name, ID or a reference", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="threat-actor", type_description="A string identifying the threat actor",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="tlsh",
-                type_description="A checksum in the Trend Micro Locality Sensitive Hash format", type_taxonomy="",
-                type_validation_regex="^t?[a-f0-9]{35,}",
-                type_validation_expect="at least 35 hexadecimal characters, optionally starting with t1 instead of hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="travel-details", type_description="Travel details", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="twitter-id", type_description="Twitter ID", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="uri", type_description="Uniform Resource Identifier", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="url", type_description="url", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="user-agent",
-                type_description="The user-agent used by the malware in the HTTP request.", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="vhash", type_description="A VirusTotal checksum", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="vulnerability",
-                type_description="A reference to the vulnerability used in the exploit", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="weakness",
-                type_description="A reference to the weakness used in the exploit", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-creation-date",
-                type_description="The date of domain’s creation, obtained from the WHOIS information.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-registrant-email",
-                type_description="The e-mail of a domain’s registrant, obtained from the WHOIS information.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-registrant-name",
-                type_description="The name of a domain’s registrant, obtained from the WHOIS information.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-registrant-org",
-                type_description="The org of a domain’s registrant, obtained from the WHOIS information.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-registrant-phone",
-                type_description="The phone number of a domain’s registrant, obtained from the WHOIS information.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="whois-registrar",
-                type_description="The registrar of the domain, obtained from the WHOIS information.", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="windows-scheduled-task", type_description="A scheduled task in windows",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="windows-service-displayname",
-                type_description="A windows service’s displayname, not to be confused with the windows-service-name. This is the name that applications will generally display as the service’s name in applications.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="windows-service-name",
-                type_description="A windows service name. This is the name used internally by windows. Not to be confused with the windows-service-displayname.",
-                type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="x509-fingerprint-md5",
-                type_description="X509 fingerprint in MD5 format", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="x509-fingerprint-sha1",
-                type_description="X509 fingerprint in SHA-1 format", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="x509-fingerprint-sha256",
-                type_description="X509 fingerprint in SHA-256 format", type_taxonomy="",
-                type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="xmr", type_description="Monero Address", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="yara", type_description="Yara signature", type_taxonomy="")
-    create_safe_limited(db.session, IocType, ["type_name", "type_description"],  type_name="zeek", type_description="An NIDS rule in the Zeek rule-format",
-                type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="AS",
+                        type_description="Autonomous system", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="aba-rtn",
+                        type_description="ABA routing transit number",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="account",
+                        type_description="Account of any type",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="anonymised",
+                        type_description="Anonymised value - described with the anonymisation object via a relationship",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="attachment",
+                        type_description="Attachment with external information",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="authentihash",
+                        type_description="Authenticode executable signature hash", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters"
+                        )
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="boolean",
+                        type_description="Boolean value - to be used in objects",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="btc",
+                        type_description="Bitcoin Address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="campaign-id",
+                        type_description="Associated campaign ID",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="campaign-name",
+                        type_description="Associated campaign name",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="cdhash",
+                        type_description="An Apple Code Directory Hash, identifying a code-signed Mach-O executable file",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="chrome-extension-id",
+                        type_description="Chrome extension id",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="community-id",
+                        type_description="a community ID flow hashing algorithm to map multiple traffic monitors into common flow id",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="cookie",
+                        type_description="HTTP cookie as often stored on the user web client. This can include authentication cookie or session cookie.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="dash",
+                        type_description="Dash Address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="datetime",
+                        type_description="Datetime in the ISO 8601 format",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="dkim",
+                        type_description="DKIM public key", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="dkim-signature",
+                        type_description="DKIM signature", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="dns-soa-email",
+                        type_description="RFC1035 mandates that DNS zones should have a SOA (Statement Of Authority) record that contains an email address where a PoC for the domain could be contacted. This can sometimes be used for attribution/linkage between different domains even if protected by whois privacy",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="domain",
+                        type_description="A domain name used in the malware",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="domain|ip",
+                        type_description="A domain name and its IP address (as found in DNS lookup) separated by a |",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email",
+                        type_description="An e-mail address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-attachment",
+                        type_description="File name of the email attachment.", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-body",
+                        type_description="Email body", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-dst",
+                        type_description="The destination email address. Used to describe the recipient when describing an e-mail.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-dst-display-name",
+                        type_description="Email destination display name", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-header",
+                        type_description="Email header", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-message-id",
+                        type_description="The email message ID",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-mime-boundary",
+                        type_description="The email mime boundary separating parts in a multipart email",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-reply-to",
+                        type_description="Email reply to header",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-src",
+                        type_description="The source email address. Used to describe the sender when describing an e-mail.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-src-display-name",
+                        type_description="Email source display name",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-subject",
+                        type_description="The subject of the email",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-thread-index",
+                        type_description="The email thread index header",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="email-x-mailer",
+                        type_description="Email x-mailer header",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="favicon-mmh3",
+                        type_description="favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename",
+                        type_description="Filename", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename-pattern",
+                        type_description="A pattern in the name of a file",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|authentihash",
+                        type_description="A checksum in md5 format",
+                        type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{64}',
+                        type_validation_expect="filename|64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|impfuzzy",
+                        type_description="Import fuzzy hash - a fuzzy hash created based on the imports in the sample.",
+                        type_taxonomy="", )
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|imphash",
+                        type_description="Import hash - a hash created based on the imports in the sample.",
+                        type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{32}',
+                        type_validation_expect="filename|32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|md5",
+                        type_description="A filename and an md5 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{32}',
+                        type_validation_expect="filename|32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|pehash",
+                        type_description="A filename and a PEhash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{40}',
+                        type_validation_expect="filename|40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha1",
+                        type_description="A filename and an sha1 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{40}',
+                        type_validation_expect="filename|40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha224",
+                        type_description="A filename and a sha-224 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{56}',
+                        type_validation_expect="filename|56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha256",
+                        type_description="A filename and an sha256 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{64}',
+                        type_validation_expect="filename|64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha3-224",
+                        type_description="A filename and an sha3-224 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{56}',
+                        type_validation_expect="filename|56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha3-256",
+                        type_description="A filename and an sha3-256 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{64}',
+                        type_validation_expect="filename|64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha3-384",
+                        type_description="A filename and an sha3-384 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{96}',
+                        type_validation_expect="filename|96 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha3-512",
+                        type_description="A filename and an sha3-512 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{128}',
+                        type_validation_expect="filename|128 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha384",
+                        type_description="A filename and a sha-384 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{96}',
+                        type_validation_expect="filename|96 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha512",
+                        type_description="A filename and a sha-512 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{128}',
+                        type_validation_expect="filename|128 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha512/224",
+                        type_description="A filename and a sha-512/224 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{56}',
+                        type_validation_expect="filename|56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|sha512/256",
+                        type_description="A filename and a sha-512/256 hash separated by a |", type_taxonomy="",
+                        type_validation_regex='.+\|[a-f0-9]{64}',
+                        type_validation_expect="filename|64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|ssdeep",
+                        type_description="A checksum in ssdeep format",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|tlsh",
+                        type_description="A filename and a Trend Micro Locality Sensitive Hash separated by a |",
+                        type_taxonomy="",
+                        type_validation_regex='.+\|t?[a-f0-9]{35,}',
+                        type_validation_expect="filename|at least 35 hexadecimal characters, optionally starting with t1 instead of hexadecimal characters"
+                        )
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="filename|vhash",
+                        type_description="A filename and a VirusTotal hash separated by a |", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="first-name",
+                        type_description="First name of a natural person",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="float",
+                        type_description="A floating point value.", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="full-name",
+                        type_description="Full name of a natural person",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="gene",
+                        type_description="GENE - Go Evtx sigNature Engine",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="git-commit-id",
+                        type_description="A git commit ID.", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="github-organisation",
+                        type_description="A github organisation",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="github-repository",
+                        type_description="A github repository",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="github-username",
+                        type_description="A github user name",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="hassh-md5",
+                        type_description="hassh is a network fingerprinting standard which can be used to identify specific Client SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="hasshserver-md5",
+                        type_description="hasshServer is a network fingerprinting standard which can be used to identify specific Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="hex",
+                        type_description="A value in hexadecimal format",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="hostname",
+                        type_description="A full host/dnsname of an attacker",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="hostname|port",
+                        type_description="Hostname and port number separated by a |", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="http-method",
+                        type_description="HTTP method used by the malware (e.g. POST, GET, …).", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="iban",
+                        type_description="International Bank Account Number",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="identity-card-number",
+                        type_description="Identity card number",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="impfuzzy",
+                        type_description="A fuzzy hash of import table of Portable Executable format", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="imphash",
+                        type_description="Import hash - a hash created based on the imports in the sample.",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ip-any",
+                        type_description="A source or destination IP address of the attacker or C&C server",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ip-dst",
+                        type_description="A destination IP address of the attacker or C&C server", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ip-dst|port",
+                        type_description="IP destination and port number separated by a |", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ip-src",
+                        type_description="A source IP address of the attacker",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ip-src|port",
+                        type_description="IP source and port number separated by a |", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ja3-fingerprint-md5",
+                        type_description="JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="jabber-id",
+                        type_description="Jabber ID", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="jarm-fingerprint",
+                        type_description="JARM is a method for creating SSL/TLS server fingerprints.", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{62}", type_validation_expect="62 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="kusto-query",
+                        type_description="Kusto query - Kusto from Microsoft Azure is a service for storing and running interactive analytics over Big Data.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="link",
+                        type_description="Link to an external information",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="mac-address",
+                        type_description="Mac address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="mac-eui-64",
+                        type_description="Mac EUI-64 address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="malware-sample",
+                        type_description="Attachment containing encrypted malware sample", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="malware-type",
+                        type_description="Malware type", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="md5",
+                        type_description="A checksum in md5 format", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="middle-name",
+                        type_description="Middle name of a natural person",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="mime-type",
+                        type_description="A media type (also MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="mobile-application-id",
+                        type_description="The application id of a mobile application", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="mutex",
+                        type_description="Mutex, use the format \BaseNamedObjects<Mutex>", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="named pipe",
+                        type_description="Named pipe, use the format .\pipe<PipeName>", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="other",
+                        type_description="Other attribute", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="file-path",
+                        type_description="Path of file", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pattern-in-file",
+                        type_description="Pattern in file that identifies the malware", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pattern-in-memory",
+                        type_description="Pattern in memory dump that identifies the malware", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pattern-in-traffic",
+                        type_description="Pattern in network traffic that identifies the malware", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pdb",
+                        type_description="Microsoft Program database (PDB) path information", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pehash",
+                        type_description="PEhash - a hash calculated based of certain pieces of a PE executable file",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pgp-private-key",
+                        type_description="A PGP private key",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="pgp-public-key",
+                        type_description="A PGP public key", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="phone-number",
+                        type_description="Telephone Number", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="port",
+                        type_description="Port number", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="process-state",
+                        type_description="State of a process", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="prtn",
+                        type_description="Premium-Rate Telephone Number",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="regkey",
+                        type_description="Registry key or value", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="regkey|value",
+                        type_description="Registry value + data separated by |",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha1",
+                        type_description="A checksum in sha1 format", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha224",
+                        type_description="A checksum in sha-224 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha256",
+                        type_description="A checksum in sha256 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha3-224",
+                        type_description="A checksum in sha3-224 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha3-256",
+                        type_description="A checksum in sha3-256 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha3-384",
+                        type_description="A checksum in sha3-384 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{96}", type_validation_expect="96 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha3-512",
+                        type_description="A checksum in sha3-512 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{128}", type_validation_expect="128 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha384",
+                        type_description="A checksum in sha-384 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{96}", type_validation_expect="96 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha512",
+                        type_description="A checksum in sha-512 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{128}", type_validation_expect="128 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha512/224",
+                        type_description="A checksum in the sha-512/224 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{56}", type_validation_expect="56 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sha512/256",
+                        type_description="A checksum in the sha-512/256 format",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="sigma",
+                        type_description="Sigma - Generic Signature Format for SIEM Systems", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="size-in-bytes",
+                        type_description="Size expressed in bytes",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="snort",
+                        type_description="An IDS rule in Snort rule-format",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ssdeep",
+                        type_description="A checksum in ssdeep format",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="ssh-fingerprint",
+                        type_description="A fingerprint of SSH key material",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="stix2-pattern",
+                        type_description="STIX 2 pattern", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-email",
+                        type_description="Attack Targets Email(s)",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-external",
+                        type_description="External Target Organizations Affected by this Attack", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-location",
+                        type_description="Attack Targets Physical Location(s)", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-machine",
+                        type_description="Attack Targets Machine Name(s)",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-org",
+                        type_description="Attack Targets Department or Organization(s)", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="target-user",
+                        type_description="Attack Targets Username(s)",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="telfhash",
+                        type_description="telfhash is symbol hash for ELF files, just like imphash is imports hash for PE files.",
+                        type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{70}", type_validation_expect="70 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="text",
+                        type_description="Name, ID or a reference", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="threat-actor",
+                        type_description="A string identifying the threat actor",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="tlsh",
+                        type_description="A checksum in the Trend Micro Locality Sensitive Hash format",
+                        type_taxonomy="",
+                        type_validation_regex="^t?[a-f0-9]{35,}",
+                        type_validation_expect="at least 35 hexadecimal characters, optionally starting with t1 instead of hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="travel-details",
+                        type_description="Travel details", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="twitter-id",
+                        type_description="Twitter ID", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="uri",
+                        type_description="Uniform Resource Identifier", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="url", type_description="url",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="user-agent",
+                        type_description="The user-agent used by the malware in the HTTP request.", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="vhash",
+                        type_description="A VirusTotal checksum", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="vulnerability",
+                        type_description="A reference to the vulnerability used in the exploit", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="weakness",
+                        type_description="A reference to the weakness used in the exploit", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-creation-date",
+                        type_description="The date of domain’s creation, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-registrant-email",
+                        type_description="The e-mail of a domain’s registrant, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-registrant-name",
+                        type_description="The name of a domain’s registrant, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-registrant-org",
+                        type_description="The org of a domain’s registrant, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-registrant-phone",
+                        type_description="The phone number of a domain’s registrant, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="whois-registrar",
+                        type_description="The registrar of the domain, obtained from the WHOIS information.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="windows-scheduled-task",
+                        type_description="A scheduled task in windows",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="windows-service-displayname",
+                        type_description="A windows service’s displayname, not to be confused with the windows-service-name. This is the name that applications will generally display as the service’s name in applications.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="windows-service-name",
+                        type_description="A windows service name. This is the name used internally by windows. Not to be confused with the windows-service-displayname.",
+                        type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="x509-fingerprint-md5",
+                        type_description="X509 fingerprint in MD5 format", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{32}", type_validation_expect="32 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="x509-fingerprint-sha1",
+                        type_description="X509 fingerprint in SHA-1 format", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{40}", type_validation_expect="40 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="x509-fingerprint-sha256",
+                        type_description="X509 fingerprint in SHA-256 format", type_taxonomy="",
+                        type_validation_regex="[a-f0-9]{64}", type_validation_expect="64 hexadecimal characters")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="xmr",
+                        type_description="Monero Address", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="yara",
+                        type_description="Yara signature", type_taxonomy="")
+    create_safe_limited(db.session, IocType, ["type_name", "type_description"], type_name="zeek",
+                        type_description="An NIDS rule in the Zeek rule-format",
+                        type_taxonomy="")
 
 
 def create_safe_os_types():
@@ -1485,7 +1684,6 @@ def register_modules_pipelines():
 
 
 def register_default_modules():
-
     modules = ['iris_vt_module', 'iris_misp_module', 'iris_check_module',
                'iris_webhooks_module', 'iris_intelowl_module']
 
@@ -1505,6 +1703,7 @@ def register_default_modules():
             iris_module_disable_by_id(module.id)
             log.info('Successfully registered {mod}'.format(mod=module_name))
 
+
 def custom_assets_symlinks():
     try:
 
@@ -1521,4 +1720,3 @@ def custom_assets_symlinks():
 
     except Exception as e:
         log.error(f"Error: {e}")
-
diff --git a/source/app/schema/marshables.py b/source/app/schema/marshables.py
index 95934e354..d5c795bca 100644
--- a/source/app/schema/marshables.py
+++ b/source/app/schema/marshables.py
@@ -17,30 +17,27 @@
 #  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-from typing import Any, Dict, List, Optional, Tuple, Union
-import uuid
-
 import datetime
-import logging
+import dateutil.parser
+import marshmallow
 import os
+import pyminizip
 import random
 import re
 import shutil
 import string
 import tempfile
-from pathlib import Path
-
-import dateutil.parser
-import marshmallow
-import pyminizip
+import uuid
 from flask_login import current_user
-from marshmallow import fields, Schema, validate, ValidationError
+from marshmallow import ValidationError
+from marshmallow import fields
 from marshmallow import post_load
 from marshmallow import pre_load
-from marshmallow import ValidationError
 from marshmallow.validate import Length
 from marshmallow_sqlalchemy import auto_field
+from pathlib import Path
 from sqlalchemy import func
+from typing import Any, Dict, List, Optional, Tuple, Union
 from werkzeug.datastructures import FileStorage
 
 from app import app
@@ -50,7 +47,7 @@
 from app.datamgmt.manage.manage_attribute_db import merge_custom_attributes
 from app.iris_engine.access_control.utils import ac_mask_from_val_list
 from app.models import AnalysisStatus, CaseClassification, SavedFilter, DataStorePath, IrisModuleHook, Tags, \
-    ReviewStatus
+    ReviewStatus, EvidenceTypes, CaseStatus
 from app.models import AssetsType
 from app.models import CaseAssets
 from app.models import CaseReceivedFile
@@ -65,6 +62,7 @@
 from app.models import GlobalTasks
 from app.models import Ioc
 from app.models import IocType
+from app.models import IrisModule
 from app.models import Notes
 from app.models import NotesGroup
 from app.models import ServerSettings
@@ -74,8 +72,7 @@
 from app.models.authorization import Group
 from app.models.authorization import Organisation
 from app.models.authorization import User
-from app.models.cases import CaseState
-from app.models import IrisModule
+from app.models.cases import CaseState, CaseProtagonist
 from app.util import file_sha256sum, str_to_bool, assert_type_mml
 from app.util import stream_sha256sum
 
@@ -1241,6 +1238,49 @@ def verify_unique(self, data, **kwargs):
         return data
 
 
+class EvidenceTypeSchema(ma.SQLAlchemyAutoSchema):
+    """Schema for serializing and deserializing EvidenceType objects.
+
+    This schema defines the fields to include when serializing and deserializing EvidenceType objects.
+    It includes fields for the evidence type name, expanded name, and description.
+
+    """
+    name: str = auto_field('name', required=True, validate=Length(min=2), allow_none=False)
+    description: str = auto_field('description', required=True, allow_none=True)
+
+    class Meta:
+        model = EvidenceTypes
+        load_instance = True
+
+    @post_load
+    def verify_unique(self, data, **kwargs):
+        """Verifies that the evidence type name is unique.
+
+        This method verifies that the evidence type name is unique. If the name is not unique, it raises a validation error.
+
+        Args:
+            data: The data to load.
+
+        Returns:
+            The loaded data.
+
+        Raises:
+            ValidationError: If the evidence type name is not unique.
+
+        """
+        client = EvidenceTypes.query.filter(
+            func.lower(EvidenceTypes.name) == func.lower(data.name),
+            EvidenceTypes.id != data.id
+        ).first()
+        if client:
+            raise marshmallow.exceptions.ValidationError(
+                "Evidence type already exists",
+                field_name="name"
+            )
+
+        return data
+
+
 class CaseSchema(ma.SQLAlchemyAutoSchema):
     """Schema for serializing and deserializing Case objects.
 
@@ -1615,10 +1655,14 @@ class CaseEvidenceSchema(ma.SQLAlchemyAutoSchema):
     """
     filename: str = auto_field('filename', required=True, validate=Length(min=2), allow_none=False)
     csrf_token: Optional[str] = fields.String(required=False)
+    type = ma.Nested(EvidenceTypeSchema)
+    user = ma.Nested(UserSchema, only=['id', 'user_name', 'user_login', 'user_email'])
 
     class Meta:
         model = CaseReceivedFile
         load_instance = True
+        include_relationships = True
+        include_fk = True
 
     @post_load
     def custom_attributes_merge(self, data: Dict[str, Any], **kwargs: Any) -> Dict[str, Any]:
@@ -2014,16 +2058,47 @@ class Meta:
             include_relationships = True
 
 
+class CaseProtagonistSchema(ma.SQLAlchemyAutoSchema):
+    """Schema for serializing and deserializing CaseProtagonist objects."""
+    class Meta:
+        model = CaseProtagonist
+        load_instance = True
+        include_fk = True
+        include_relationships = True
+
+
 class CaseDetailsSchema(ma.SQLAlchemyAutoSchema):
     """Schema for serializing and deserializing Case objects in details."""
     client = ma.Nested(CustomerSchema)
     owner = ma.Nested(UserSchema, only=['id', 'user_name', 'user_login', 'user_email'])
     classification = ma.Nested(CaseClassificationSchema)
     state = ma.Nested(CaseStateSchema)
-    tags = ma.Nested(TagsSchema, many=True)
+    tags = ma.Nested(TagsSchema, many=True, only=['tag_title', 'id'])
     user = ma.Nested(UserSchema, only=['id', 'user_name', 'user_login', 'user_email'])
     reviewer = ma.Nested(UserSchema, only=['id', 'user_name', 'user_login', 'user_email'])
     review_status = ma.Nested(ReviewStatusSchema)
+    severity = ma.Nested(SeveritySchema)
+
+    def get_status_name(self, obj):
+        return CaseStatus(obj.status_id).name
+
+    def get_protagonists(self, obj):
+        cp = CaseProtagonist.query.with_entities(
+            CaseProtagonist.role,
+            CaseProtagonist.name,
+            CaseProtagonist.contact,
+            User.name.label('user_name'),
+            User.user.label('user_login')
+        ).filter(
+            CaseProtagonist.case_id == obj.case_id
+        ).outerjoin(
+            CaseProtagonist.user
+        ).all()
+        cp = CaseProtagonistSchema(many=True).dump(cp)
+        return cp
+
+    status_name = ma.Method("get_status_name")
+    protagonists = ma.Method("get_protagonists")
 
     class Meta:
         model = Cases
diff --git a/source/app/static/assets/css/atlantis.css b/source/app/static/assets/css/atlantis.css
index 570b5e961..958910396 100644
--- a/source/app/static/assets/css/atlantis.css
+++ b/source/app/static/assets/css/atlantis.css
@@ -123,6 +123,10 @@ a {
     color: #05316a;
 }
 
+.text-link {
+    color: #05316a;
+}
+
 a:hover,
 a:focus {
     color: #005fdb;
@@ -14190,6 +14194,13 @@ table.dataTable.stripe tbody > tr.selected {
     background: linear-gradient(-45deg, #05316A, #05316a)  !important;
 }
 
+.bg-case-gradient{
+    background: #05316a !important;
+
+    background: -webkit-linear-gradient(legacy-direction(-45deg), #05316A, #05316a) !important;
+    background: linear-gradient(-45deg, #05316A, #05316a)  !important;
+}
+
 .bg-secondary-gradient {
     background: #6861CE !important;
     background: -webkit-linear-gradient(legacy-direction(-45deg), #2A20AC, #6861CE) !important;
@@ -15876,4 +15887,12 @@ td.dt-nowrap { white-space: nowrap }
 .alert-card .flex-1 {
     margin-left: 0.9rem !important;
     margin-right: 0.9rem !important;
+}
+
+.table-hover tbody tr:hover td > .copy-icon-l {
+    display: inline !important;
+}
+
+.copy-icon-l {
+    margin-left: 10px;
 }
\ No newline at end of file
diff --git a/source/app/static/assets/css/dark-theme.css b/source/app/static/assets/css/dark-theme.css
index 9c06a768f..844c2bec0 100644
--- a/source/app/static/assets/css/dark-theme.css
+++ b/source/app/static/assets/css/dark-theme.css
@@ -15,6 +15,10 @@ body {
   background: #004eb3;
 }
 
+.text-link {
+    color: #66aaff;
+}
+
 .btn-success {
   background: #004eb3 !important;
   border-color: #004eb3 !important;
diff --git a/source/app/static/assets/js/iris/alerts.js b/source/app/static/assets/js/iris/alerts.js
index 0fa72417f..0f97b8624 100644
--- a/source/app/static/assets/js/iris/alerts.js
+++ b/source/app/static/assets/js/iris/alerts.js
@@ -39,7 +39,7 @@ const selectsConfig = {
         name: 'customer_name'
     },
     alert_owner_id: {
-        url: '/manage/users/list',
+        url: '/manage/users/restricted/list',
         id: 'user_id',
         name: 'user_name'
     },
@@ -179,6 +179,9 @@ function mergeMultipleAlertsModal() {
                             type: 'GET',
                             dataType: 'json'
                         },
+                        minLength: 0,
+                        clearOnEmpty: false,
+                        emptyRequest: true,
                         locale: {
                             emptyTitle: 'Select and Begin Typing',
                             statusInitialized: '',
@@ -188,7 +191,7 @@ function mergeMultipleAlertsModal() {
                         },
                         preserveSelected: false
                     };
-                    get_request_api('/context/get-cases/100')
+                    get_request_api('/context/search-cases')
                         .done((data) => {
                             if (notify_auto_api(data, true)) {
                                 mergeAlertCasesSelectOption(data);
@@ -310,17 +313,20 @@ function mergeAlertModal(alert_id) {
                     type: 'GET',
                     dataType: 'json'
                 },
+                minLength: 0,
+                clearOnEmpty: false,
+                emptyRequest: true,
                 locale: {
                     emptyTitle: 'Select and Begin Typing',
                     statusInitialized: '',
                 },
                 preprocessData: function (data) {
-                    return context_data_parser(data);
+                    return context_data_parser(data, false);
                 },
                 preserveSelected: false
             };
 
-            get_request_api('/context/get-cases/100')
+            get_request_api('/context/search-cases')
             .done((data) => {
                 if (notify_auto_api(data, true)) {
                     mergeAlertCasesSelectOption(data);
@@ -812,6 +818,8 @@ function alertResolutionToARC(resolution) {
             return `<span class="badge alert-bade-status badge-pill badge-warning mr-2">True Positive without impact</span>`
         case 'False Positive':
             return `<span class="badge alert-bade-status badge-pill badge-success mr-2">False Positive</span>`
+        case 'Unknown':
+            return `<span class="badge alert-bade-status badge-pill badge-light mr-2">Unknown resolution</span>`
     }
 }
 
@@ -1571,14 +1579,12 @@ async function editAlert(alert_id, close=false) {
       console.error(error);
     });
 
-    $('#editAlertModal').modal('show');
+   $('#editAlertModal').modal('show');
 
     confirmAlertEdition.off('click').on('click', function () {
         let alert_note = $('#editAlertNote').val();
         let alert_tags = alertTag.val();
 
-        console.log(getAlertResolutionId($("input[type='radio'][name='resolutionStatus']:checked").val()));
-
         let data = {
           alert_note: alert_note,
           alert_tags: alert_tags,
@@ -1598,6 +1604,40 @@ async function editAlert(alert_id, close=false) {
     });
 }
 
+function closeBatchAlerts() {
+    const alertTag = $('#editAlertTags');
+    const confirmAlertEdition = $('#confirmAlertEdition');
+    $('#editAlertNote').val('');
+    alertTag.val('');
+
+    confirmAlertEdition.text('Close alerts');
+    $('.alert-edition-part').hide();
+    $('#closeAlertModalLabel').text(`Close multiple alerts`);
+
+    $('#editAlertModal').modal('show');
+
+    confirmAlertEdition.off('click').on('click', function () {
+        let alert_note = $('#editAlertNote').val();
+        let alert_tags = alertTag.val();
+
+        let data = {
+          alert_note: alert_note,
+          alert_tags: alert_tags,
+          alert_resolution_status_id: getAlertResolutionId($("input[type='radio'][name='resolutionStatus']:checked").val()),
+        };
+
+        if (close) {
+            data['alert_status_id'] = getAlertStatusId('Closed');
+        }
+
+        updateBatchAlerts(data)
+            .then(() => {
+                $('#editAlertModal').modal('hide');
+            });
+    });
+
+}
+
 async function fetchSavedFilters() {
     const url = '/filters/alerts/list';
     return get_request_api(url)
@@ -1727,7 +1767,7 @@ function changeStatusAlert(alert_id, status_name) {
 
 async function changeAlertOwner(alertId) {
   // Fetch the user list from the endpoint
-  const usersReq = await get_request_api('/manage/users/list');
+  const usersReq = await get_request_api('/manage/users/restricted/list');
 
   if (!notify_auto_api(usersReq, true)) { return; };
 
@@ -1769,7 +1809,7 @@ async function changeBatchAlertOwner(alertId) {
     }
 
       // Fetch the user list from the endpoint
-      const usersReq = await get_request_api('/manage/users/list');
+      const usersReq = await get_request_api('/manage/users/restricted/list');
 
       if (!notify_auto_api(usersReq, true)) { return; };
 
diff --git a/source/app/static/assets/js/iris/case.asset.js b/source/app/static/assets/js/iris/case.asset.js
index e703d8039..6e32390eb 100644
--- a/source/app/static/assets/js/iris/case.asset.js
+++ b/source/app/static/assets/js/iris/case.asset.js
@@ -394,6 +394,7 @@ $(document).ready(function(){
                     ret += datacontent;
                     ret += '"></i>';
                 }
+
                 return ret;
               }
               return data;
@@ -424,7 +425,10 @@ $(document).ready(function(){
           },
           { "data": "asset_ip",
              "render": function (data, type, row, meta) {
-                if (type === 'display') { data = sanitizeHTML(data);}
+                if (type === 'display') {
+                    datas = sanitizeHTML(data);
+                    return datas;
+                }
                 return data;
               }
           },
diff --git a/source/app/static/assets/js/iris/case.rfiles.js b/source/app/static/assets/js/iris/case.rfiles.js
index d569fee67..bd3330ae8 100644
--- a/source/app/static/assets/js/iris/case.rfiles.js
+++ b/source/app/static/assets/js/iris/case.rfiles.js
@@ -49,7 +49,7 @@ function add_modal_rfile() {
              ajax_notify_error(xhr, url);
              return false;
         }
-        
+
         g_evidence_desc_editor = get_new_ace_editor('evidence_description', 'evidence_desc_content', 'target_evidence_desc',
                     function() {
                         $('#last_saved').addClass('btn-danger').removeClass('btn-success');
@@ -58,8 +58,10 @@ function add_modal_rfile() {
         g_evidence_desc_editor.setOption("minLines", "10");
         edit_in_evidence_desc();
 
-        headers = get_editor_headers('g_evidence_desc_editor', null, 'evidence_edition_btn');
+        let headers = get_editor_headers('g_evidence_desc_editor', null, 'evidence_edition_btn');
         $('#evidence_edition_btn').append(headers);
+
+        load_evidence_type();
         
         $('#modal_add_rfiles').modal({ show: true });
         $('#filename').focus();
@@ -67,12 +69,26 @@ function add_modal_rfile() {
 }
 
 function add_rfile() {
-    var data_sent = $('form#form_edit_rfile').serializeObject();
+    let data_sent = $('form#form_edit_rfile').serializeObject();
     data_sent['csrf_token'] = $('#csrf_token').val();
     data_sent['file_description'] = g_evidence_desc_editor.getValue();
-    ret = get_custom_attributes_fields();
-    has_error = ret[0].length > 0;
-    attributes = ret[1];
+    data_sent['type_id'] = $('#file_type_id').val();
+
+    let sd = $('#start_date').val();
+    let st = $('#start_time').val()
+    if (sd && st) {
+        data_sent['start_date'] = `${sd}T${st}`;
+    }
+
+    let ed = $('#end_date').val();
+    let et = $('#end_time').val();
+    if (ed && et) {
+        data_sent['end_date'] = `${ed}T${et}`;
+    }
+
+    let ret = get_custom_attributes_fields();
+    let has_error = ret[0].length > 0;
+    let attributes = ret[1];
 
     if (has_error){return false;}
 
@@ -182,8 +198,6 @@ function edit_rfiles(rfiles_id) {
              ajax_notify_error(xhr, url);
              return false;
         }
-        
-        g_evidence_id = rfiles_id;
 
         g_evidence_desc_editor = get_new_ace_editor('evidence_description', 'evidence_desc_content', 'target_evidence_desc',
                             function() {
@@ -195,16 +209,80 @@ function edit_rfiles(rfiles_id) {
         g_evidence_desc_editor.setOption("minLines", "6");
         preview_evidence_description(true);
 
-        headers = get_editor_headers('g_evidence_desc_editor', null, 'evidence_edition_btn');
+        let headers = get_editor_headers('g_evidence_desc_editor', null, 'evidence_edition_btn');
         $('#evidence_edition_btn').append(headers);
         
         load_menu_mod_options_modal(rfiles_id, 'evidence', $("#evidence_modal_quick_actions"));
+
+        load_evidence_type();
         
         $('#modal_add_rfiles').modal({ show: true });
+
         edit_in_evidence_desc();
     });
 }
 
+function show_x_time_converter(item){
+    $(`#${item}_date_convert`).show();
+    $(`#${item}_date_convert_input`).focus();
+    $(`#${item}_date_inputs`).hide();
+}
+
+function hide_x_time_converter(item){
+    $(`#${item}_date_convert`).hide();
+    $(`#${item}_date_inputs`).show();
+    $(`#${item}_date`).focus();
+}
+
+
+function time_converter(item){
+    let date_val = $(`#${item}_date_convert_input`).val();
+
+    let data_sent = Object();
+    data_sent['date_value'] = date_val;
+    data_sent['csrf_token'] = $('#csrf_token').val();
+
+    post_request_api('timeline/events/convert-date', JSON.stringify(data_sent))
+    .done(function(data) {
+        if(notify_auto_api(data)) {
+            $(`#${item}_date`).val(data.data.date);
+            $(`#${item}_time`).val(data.data.time);
+            $(`#${item}_tz`).val(data.data.tz);
+            hide_x_time_converter(item);
+            $(`#convert_bad_feedback_${item}`).text('');
+        }
+    })
+    .fail(function() {
+        $(`#convert_bad_feedback_${item}`).text('Unable to find a matching pattern for the date');
+    });
+}
+
+
+function load_evidence_type() {
+    get_request_api('/manage/evidence-types/list')
+    .done((data) => {
+        if(notify_auto_api(data, true)) {
+            let ftype = $('#file_type_id');
+            if (data.data != null) {
+                let options = data.data;
+                for (let idx in options) {
+                    ftype.append(`<option value="${options[idx].id}">${filterXSS(options[idx].name)}</option>`);
+                }
+                ftype.selectpicker({
+                    liveSearch: true,
+                    title: "Evidence type"
+                });
+                let stored_type_id = $('#store_type_id').data('file-type-id');
+                if (stored_type_id !== undefined || stored_type_id !== "") {
+                    ftype.selectpicker('val', stored_type_id);
+                    ftype.selectpicker('refresh');
+                }
+            }
+
+        }
+    })
+}
+
 function preview_evidence_description(no_btn_update) {
     if(!$('#container_evidence_description').is(':visible')) {
         evidence_desc = g_evidence_desc_editor.getValue();
@@ -231,11 +309,25 @@ function preview_evidence_description(no_btn_update) {
 
 /* Update an rfiles */
 function update_rfile(rfiles_id) {
-    var data_sent = $('form#form_edit_rfile').serializeObject();
+    let data_sent = $('form#form_edit_rfile').serializeObject();
     data_sent['csrf_token'] = $('#csrf_token').val();
-    ret = get_custom_attributes_fields();
-    has_error = ret[0].length > 0;
-    attributes = ret[1];
+    data_sent['type_id'] = $('#file_type_id').val();
+    let sd = $('#start_date').val();
+    let st = $('#start_time').val()
+    if (sd && st) {
+        data_sent['start_date'] = `${sd}T${st}`;
+    }
+
+    let ed = $('#end_date').val();
+    let et = $('#end_time').val();
+    if (ed && et) {
+        data_sent['end_date'] = `${ed}T${et}`;
+    }
+
+
+    let ret = get_custom_attributes_fields();
+    let has_error = ret[0].length > 0;
+    let attributes = ret[1];
 
     if (has_error){return false;}
 
@@ -246,6 +338,7 @@ function update_rfile(rfiles_id) {
     .done((data) => {
         notify_auto_api(data);
         reload_rfiles();
+        $('#modal_add_rfiles').modal("hide");
     });
 }
 
@@ -292,7 +385,19 @@ $(document).ready(function(){
               return data;
             }
           },
-          { "data": "date_added" },
+          { "data": "type_id",
+            "render": function (data, type, row, meta) {
+              if (type === 'display' || type === 'sort' || type === 'filter') {
+
+                  if (row['type'] !== null && row['type'] !== undefined) {
+                      data = sanitizeHTML(row['type'].name)
+                  } else {
+                      data = 'Unspecified'
+                  }
+              }
+              return data;
+            }
+          },
           { "data": "file_hash",
             "render": function (data, type, row, meta) {
                 if (type === 'display') { data = sanitizeHTML(data);}
@@ -309,9 +414,11 @@ $(document).ready(function(){
                 if (type === 'display') { data = sanitizeHTML(data);}
                 return data;
               }},
-          { "data": "username",
+          { "data": "user",
             "render": function (data, type, row, meta) {
-                if (type === 'display') { data = sanitizeHTML(data);}
+                if (type === 'display'|| type === 'sort' || type === 'filter') {
+                    data = sanitizeHTML(data.user_name);
+                }
                 return data;
               }}
         ],
diff --git a/source/app/static/assets/js/iris/case.summary.js b/source/app/static/assets/js/iris/case.summary.js
index fdc27aa0c..286d482d7 100644
--- a/source/app/static/assets/js/iris/case.summary.js
+++ b/source/app/static/assets/js/iris/case.summary.js
@@ -301,6 +301,10 @@ function case_detail(case_id, edit_mode=false) {
         if (edit_mode) {
             edit_case_info();
         }
+
+        $('#modal_case_detail').off('hide.bs.modal').on("hide.bs.modal", function (e) {
+            location.reload();
+        });
     });
 }
 
diff --git a/source/app/static/assets/js/iris/common.js b/source/app/static/assets/js/iris/common.js
index 5995337b6..0e628225b 100644
--- a/source/app/static/assets/js/iris/common.js
+++ b/source/app/static/assets/js/iris/common.js
@@ -560,6 +560,24 @@ function copy_object_link_md(data_type, node_id){
     });
 }
 
+function copy_text_clipboardb(data){
+    navigator.clipboard.writeText(fromBinary64(data)).then(function() {
+        notify_success('Copied!');
+    }, function(err) {
+        notify_error('Can\'t copy link. I printed it in console.');
+        console.error(err);
+    });
+}
+
+function copy_text_clipboard(data){
+    navigator.clipboard.writeText(data).then(function() {
+        notify_success('Copied!');
+    }, function(err) {
+        notify_error('Can\'t copy link. I printed it in console.');
+        console.error(err);
+    });
+}
+
 function load_case_activity(){
     get_request_api('/case/activities/list')
     .done((data) => {
@@ -692,8 +710,18 @@ function load_menu_mod_options_modal(element_id, data_type, anchor) {
 }
 
 function get_row_id(row) {
-    ids_map = ["ioc_id","asset_id","task_id","id"];
-    for (id in ids_map) {
+    let ids_map = ["ioc_id","asset_id","task_id","id"];
+    for (let id in ids_map) {
+        if (row[ids_map[id]] !== undefined) {
+            return row[ids_map[id]];
+        }
+    }
+    return null;
+}
+
+function get_row_value(row, column) {
+    let ids_map = ["asset_name","ioc_value","filename","id"];
+    for (let id in ids_map) {
         if (row[ids_map[id]] !== undefined) {
             return row[ids_map[id]];
         }
@@ -1056,6 +1084,17 @@ function load_menu_mod_options(data_type, table, deletion_fn) {
                     }
                 });
 
+                actionOptions.items.push({
+                    type: 'option',
+                    title: 'Copy',
+                    multi: false,
+                    iconClass: 'fa-regular fa-copy',
+                    action: function(rows){
+                        row = rows[0];
+                        copy_text_clipboard(get_row_value(row));
+                    }
+                });
+
                 actionOptions.items.push({
                     type: 'divider'
                 });
@@ -1227,6 +1266,9 @@ function load_context_switcher() {
                 emptyTitle: 'Select and Begin Typing',
                 statusInitialized: '',
         },
+        minLength: 0,
+        clearOnEmpty: false,
+        emptyRequest: true,
         preprocessData: function (data) {
             return context_data_parser(data);
         },
@@ -1234,14 +1276,14 @@ function load_context_switcher() {
     };
 
 
-    get_request_api('/context/get-cases/100')
+    get_request_api('/context/search-cases')
     .done((data) => {
         context_data_parser(data);
         $('#user_context').ajaxSelectPicker(options);
     });
 }
 
-function context_data_parser(data) {
+function context_data_parser(data, fire_modal = true) {
     if(notify_auto_api(data, true)) {
         $('#user_context').empty();
 
@@ -1263,7 +1305,10 @@ function context_data_parser(data) {
             }
         }
 
-        $('#modal_switch_context').modal("show");
+        if (fire_modal) {
+            $('#modal_switch_context').modal("show");
+        }
+
         $('#user_context').selectpicker('refresh');
         $('#user_context').selectpicker('val', get_caseid());
         return ret_data;
diff --git a/source/app/static/assets/js/iris/dashboard.js b/source/app/static/assets/js/iris/dashboard.js
index ea9a168d8..6c3a3099d 100644
--- a/source/app/static/assets/js/iris/dashboard.js
+++ b/source/app/static/assets/js/iris/dashboard.js
@@ -314,6 +314,12 @@ $(document).ready(function() {
                         datas += '<span class="badge badge-primary">' + sanitizeHTML(data[index]['tag_title']) + '</span> ';
                     }
                     return datas;
+                  } else if (type === 'sort' || type === 'filter') {
+                      datas = '';
+                      for (let index in data) {
+                         datas += ' '+ data[index]['tag_title'];
+                      }
+                      return datas;
                   }
                   return data;
                 }
diff --git a/source/app/static/assets/js/iris/manage.objects.js b/source/app/static/assets/js/iris/manage.objects.js
index ffdfa9903..f3ced288b 100644
--- a/source/app/static/assets/js/iris/manage.objects.js
+++ b/source/app/static/assets/js/iris/manage.objects.js
@@ -535,4 +535,119 @@ function delete_case_state(id) {
         swal("Pfew, that was close");
       }
     });
-}
\ No newline at end of file
+}
+
+
+
+/***    Evidence types    ***/
+
+function add_evidence_type() {
+    var url = '/manage/evidence-types/add/modal' + case_param();
+    $('#modal_add_type_content').load(url, function () {
+
+        $('#submit_new_evidence_type').on("click", function () {
+            var form = $('form#form_new_evidence_type').serializeObject();
+
+            post_request_api('/manage/evidence-types/add', JSON.stringify(form), true)
+            .done((data) => {
+                if(notify_auto_api(data)) {
+                    refresh_evidence_table();
+                    $('#modal_add_type').modal('hide');
+                }
+            });
+
+            return false;
+        })
+    });
+    $('#modal_add_type').modal({ show: true });
+}
+
+$('#evidence_table').dataTable({
+    "ajax": {
+      "url": "/manage/evidence-types/list" + case_param(),
+      "contentType": "application/json",
+      "type": "GET",
+      "data": function ( d ) {
+        if (d.status == 'success') {
+          return JSON.stringify( d.data );
+        } else {
+          return [];
+        }
+      }
+    },
+    "order": [[ 0, "asc" ]],
+    "autoWidth": false,
+    "columns": [
+        {
+            "data": "name",
+            "render": function ( data, type, row ) {
+                return '<a href="#" onclick="evidence_detail(\'' + row['id'] + '\');">' + sanitizeHTML(data) +'</a>';
+            }
+        },
+        {
+            "data": "description",
+            "render": function ( data, type, row ) {
+                if (type === 'display') { data = sanitizeHTML(data);}
+                return data;
+            }
+        }
+    ]
+ });
+
+function refresh_evidence_table() {
+  $('#evidence_table').DataTable().ajax.reload();
+  notify_success("Refreshed");
+}
+
+function evidence_detail(evidence_id) {
+    let url = '/manage/evidence-types/update/' + evidence_id + '/modal' + case_param();
+    $('#modal_add_type_content').load(url, function (response, status, xhr) {
+        if (status !== "success") {
+             ajax_notify_error(xhr, url);
+             return false;
+        }
+
+        $('#submit_new_evidence_type').on("click", function () {
+            var form = $('form#form_new_evidence_type').serializeObject();
+
+            post_request_api('/manage/evidence-types/update/' + evidence_id, JSON.stringify(form), true)
+            .done((data) => {
+                if(notify_auto_api(data)) {
+                    refresh_evidence_table();
+                    $('#modal_add_type').modal('hide');
+                }
+            });
+
+            return false;
+        })
+
+
+    });
+    $('#modal_add_type').modal({ show: true });
+}
+function delete_evidence_type(id) {
+
+    swal({
+      title: "Are you sure?",
+      text: "You won't be able to revert this !",
+      icon: "warning",
+      buttons: true,
+      dangerMode: true,
+      confirmButtonColor: '#3085d6',
+      cancelButtonColor: '#d33',
+      confirmButtonText: 'Yes, delete it!'
+    })
+    .then((willDelete) => {
+      if (willDelete) {
+            post_request_api('/manage/evidence-types/delete/' + id)
+            .done((data) => {
+                if(notify_auto_api(data)) {
+                    refresh_evidence_table();
+                    $('#modal_add_type').modal('hide');
+                }
+            });
+      } else {
+        swal("Pfew, that was close");
+      }
+    });
+}
diff --git a/source/app/static/assets/js/iris/overview.js b/source/app/static/assets/js/iris/overview.js
index 5b4a470f9..09601324f 100644
--- a/source/app/static/assets/js/iris/overview.js
+++ b/source/app/static/assets/js/iris/overview.js
@@ -1,21 +1,10 @@
 $.each($.find("table"), function(index, element){
     addFilterFields($(element).attr("id"));
 });
-var OverviewTable = $("#overview_table").DataTable({
+let OverviewTable = $("#overview_table").DataTable({
     dom: '<"container-fluid"<"row"<"col"l><"col"f>>>rt<"container-fluid"<"row"<"col"i><"col"p>>>',
     aaData: [],
     aoColumns: [
-      {
-          data: "case_id",
-            render: function (data, type, row, meta) {
-                if (type === 'display') {
-                    data = `<span title="Quick look" class="bg-transparent btn-quick-view" style="cursor: pointer;" data-index="${meta.row}" ><i class="fa-solid fa-eye"></i></span>`;
-                } else if (type === 'sort' || type === 'filter') {
-                    data = parseInt(row['case_id']);
-                }
-                return data;
-            }
-        },
       {
         "data": "name",
         "render": function (data, type, row, meta) {
@@ -25,10 +14,13 @@ var OverviewTable = $("#overview_table").DataTable({
             } else {
                 data = sanitizeHTML(data);
             }
-            data = '<a rel="noopener" title="Open case in new tab" target="_blank" href="case?cid='+ row['case_id'] + '">' + data +'</a>';
+
+            data = `<a title="Open in new tab" rel="noopener" target="_blank" class="mr-2" href="/case?cid=${row['case_id']}"><i class='fa-solid fa-arrow-up-right-from-square ml-1 mr-1 text-muted'></i></a><span data-index="${meta.row}"  class="btn-quick-view text-link" style="cursor: pointer;" title="Quick view">${data}</span>`;
+
           } else if (type === 'sort' || type === 'filter') {
             data = sanitizeHTML(data);
           }
+
           return data;
         }
       },
@@ -179,7 +171,7 @@ var OverviewTable = $("#overview_table").DataTable({
         }
       }
     },
-    order: [[ 1, "asc" ]],
+    order: [[ 6, "asc" ]],
     buttons: [
         { "extend": 'csvHtml5', "text":'Export',"className": 'btn btn-primary btn-border btn-round btn-sm float-left mr-4 mt-2' },
         { "extend": 'copyHtml5', "text":'Copy',"className": 'btn btn-primary btn-border btn-round btn-sm float-left mr-4 mt-2' },
@@ -220,7 +212,7 @@ function get_cases_overview(silent, show_full=false) {
                 $('table tr td:nth-child(' + index  + ')').toggleClass("truncate");
             });
 
-
+            hide_loader();
         }
     });
 }
@@ -293,7 +285,8 @@ function show_case_view(row_index) {
     owner_dl1.append($('<dd class="col-sm-8"/>').text(case_data.state ? case_data.state.state_description: 'None'));
     owner_dl1.append($('<dt class="col-sm-3"/>').text('Last update:'));
     owner_dl1.append($('<dd class="col-sm-8"/>').text(timeSinceLastUpdateStr));
-
+    owner_dl1.append($('<dt class="col-sm-3"/>').text('Severity:'));
+    owner_dl1.append($('<dd class="col-sm-8"/>').text(case_data.severity.severity_name));
 
     owner_col1.append(owner_dl1);
 
@@ -353,6 +346,7 @@ function show_case_view(row_index) {
 }
 
 $(document).ready(function() {
+    show_loader();
     get_cases_overview(true);
 
 
diff --git a/source/app/views.py b/source/app/views.py
index da0a9da3c..01b377c8f 100644
--- a/source/app/views.py
+++ b/source/app/views.py
@@ -45,6 +45,7 @@
 from app.blueprints.manage.manage_attributes_routes import manage_attributes_blueprint
 from app.blueprints.manage.manage_case_classifications import manage_case_classification_blueprint
 from app.blueprints.manage.manage_case_state import manage_case_state_blueprint
+from app.blueprints.manage.manage_evidence_types_route import manage_evidence_types_blueprint
 from app.blueprints.manage.manage_cases_routes import manage_cases_blueprint
 from app.blueprints.manage.manage_customers_routes import manage_customers_blueprint
 from app.blueprints.manage.manage_event_categories_routes import manage_event_cat_blueprint
@@ -92,6 +93,7 @@
 app.register_blueprint(manage_alerts_status_blueprint)
 app.register_blueprint(manage_severities_blueprint)
 app.register_blueprint(manage_case_state_blueprint)
+app.register_blueprint(manage_evidence_types_blueprint)
 app.register_blueprint(saved_filters_blueprint)
 
 app.register_blueprint(ctx_blueprint)