diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 582f0af82..7664f48b5 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1280,7 +1280,8 @@ soc:
                 community: true
             airgap:
               - repo: file:///nsm/rules/detect-sigma/repos/securityonion-resources
-                license: DRL
+                license: Elastic-2.0
+                folder: sigma/stable
                 community: true
           sigmaRulePackages:
             - core