diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 5635a41d9..0d2f94b8d 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1116,6 +1116,9 @@ cat > /opt/so/conf/soc/fingerprints/suricataengine.syncBlock << EOF
 Suricata ruleset sync is blocked until this file is removed. Make sure that you have manually added any custom Suricata rulesets via SOC config - review the documentation for more details: securityonion.net/docs
 EOF
+# Create salt local rules dir
+install -d -o 939 -g 939 /opt/so/saltstack/local/salt/suricata/rules/
+
 # Backup custom rules & overrides
 mkdir -p /nsm/backup/detections-migration/2-4-200
 cp /usr/sbin/so-rule-update /nsm/backup/detections-migration/2-4-200
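Review bot: The added `install -d -o 939 -g 939 …/suricata/rules/` applies the owner and group only to the final `rules/` directory and leaves the mode implicit, so any parent it has to create (such as `suricata/`) gets default ownership and permissions, and a failure is not reported before the backup steps run. Because this tree holds the local Suricata rules that salt distributes, I would state the mode and surface the error: `install -d -m 0755 -o 939 -g 939 /opt/so/saltstack/local/salt/suricata/rules/ || echo "Failed to create Suricata local rules directory" >&2`. Extending the comment to say which account uid/gid 939 is (presumably the platform's service user) would make it clear who is meant to be able to write detection content here. The enclosing function starts and ends outside the hunk, so whether `set -e` or a later check already covers the failure case cannot be seen from here.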