diff --git a/setup/so-functions b/setup/so-functions
index 80ad0be6a..3cdaee9ca 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1259,12 +1259,27 @@ soc_pillar() {
 " srvKey: '$SOCSRVKEY'"\
 " modules:"\
 " elastalertengine:"\
- " allowRegex: '$ELASTALERT_ALLOW_REGEX'"\
+ " allowRegex: '$ELASTALERT_ALLOW_REGEX'" > "$soc_pillar_file"
+ if [[ -n "$ELASTALERT_FAIL_ERROR_COUNT" ]]; then
+ printf '%s\n'\
+ " failAfterConsecutiveErrorCount: $ELASTALERT_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
+ fi
+
+ printf '%s\n'\
 " strelkaengine:"\
- " allowRegex: '$STRELKA_ALLOW_REGEX'"\
+ " allowRegex: '$STRELKA_ALLOW_REGEX'" >> "$soc_pillar_file"
+ if [[ -n "$STRELKA_FAIL_ERROR_COUNT" ]]; then
+ printf '%s\n'\
+ " failAfterConsecutiveErrorCount: $STRELKA_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
+ fi
+
+ printf '%s\n'\
 " suricataengine:"\
- " allowRegex: '$SURICATA_ALLOW_REGEX'"\
- "" > "$soc_pillar_file"
+ " allowRegex: '$SURICATA_ALLOW_REGEX'" >> "$soc_pillar_file"
+ if [[ -n "$SURICATA_FAIL_ERROR_COUNT" ]]; then
+ printf '%s\n'\
+ " failAfterConsecutiveErrorCount: $SURICATA_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
+ fi
 if [[ $telemetry -ne 0 ]]; then
 echo " telemetryEnabled: false" >> $soc_pillar_file
diff --git a/setup/so-setup b/setup/so-setup
index b76f9bb98..cb535469b 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -246,8 +246,11 @@ if [ -n "$test_profile" ]; then
 WEBPASSWD1=0n10nus3r
 WEBPASSWD2=0n10nus3r
 STRELKA_ALLOW_REGEX="EquationGroup_Toolset_Apr17__ELV_.*"
+ STRELKA_FAIL_ERROR_COUNT=1
 ELASTALERT_ALLOW_REGEX="Security Onion"
+ ELASTALERT_FAIL_ERROR_COUNT=1
 SURICATA_ALLOW_REGEX="(200033\\d|2100538|2102466)"
+ SURICATA_FAIL_ERROR_COUNT=1
 update_sudoers_for_testing
 fi
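Review bot: The three new `failAfterConsecutiveErrorCount:` lines interpolate `$ELASTALERT_FAIL_ERROR_COUNT`, `$STRELKA_FAIL_ERROR_COUNT` and `$SURICATA_FAIL_ERROR_COUNT` straight into the pillar YAML, and the only guard in front of each is `[[ -n … ]]`, so any non-integer value (a stray word, a value containing `: ` or a newline) is written to `$soc_pillar_file` verbatim and either breaks the pillar or turns into an unintended key. Since the setting is a count, tighten each guard to `if [[ "$ELASTALERT_FAIL_ERROR_COUNT" =~ ^[0-9]+$ ]]; then` (and likewise for the Strelka and Suricata variables); the empty-string case is rejected by the same test, so the `-n` check becomes unnecessary. As a point of style, the same `printf`/`if`/`fi` stanza now appears three times with only the engine name and two variables changing, which is easy to drift apart on the next edit; a small helper taking engine name, regex and count would keep them in step, provided it reproduces the exact YAML indentation the existing `allowRegex` lines use. The surrounding context also quotes `"$soc_pillar_file"` in the new lines but leaves it unquoted in the `echo … >> $soc_pillar_file` line just below — worth aligning while here. `soc_pillar()` opens before this hunk and continues after it.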
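Review bot: The three `*_FAIL_ERROR_COUNT=1` assignments in the test profile carry no explanation of why `1` is the right value for tests, and the name alone suggests it makes each engine give up after a single consecutive error, which is a materially different posture from whatever the non-test default is. Add a one-line comment above the first of them, e.g. `# fail fast in the test profile: stop an engine on its first consecutive error so CI surfaces it immediately — confirm against the engine's handling of failAfterConsecutiveErrorCount`, and keep the three assignments adjacent rather than interleaved with the `*_ALLOW_REGEX` lines so the intent reads as one setting. As far as this diff shows these variables are only set under `$test_profile`, so on regular installs the `failAfterConsecutiveErrorCount` key is omitted from the pillar entirely; if that is the intended default it is worth stating in the same comment. The `if [ -n "$test_profile" ]` block this hunk sits in opens before the hunk.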