diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 197aee070..de372a98f 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1081,7 +1081,7 @@ soc:
 allowRegex: ''
 autoUpdateEnabled: false
 communityRulesImportFrequencySeconds: 86400
- denyRegex: '.*'
+ denyRegex: ''
 elastAlertRulesFolder: /opt/sensoroni/elastalert
 rulesFingerprintFile: /opt/sensoroni/fingerprints/sigma.fingerprint
 sigmaRulePackages:
diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
index bc7c5cada..2012917af 100644
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -30,6 +30,13 @@
 {# since cases is not a valid soc config item and only used for the map files, remove it from being placed in the config #}
 {% do SOCMERGED.config.server.modules.pop('cases') %}
 
+{# remove these modules if detections is disabled #}
+{% if not SOCMERGED.config.server.client.detectionsEnabled %}
+{% do SOCMERGED.config.server.modules.pop('elastalertengine') %}
+{% do SOCMERGED.config.server.modules.pop('strelkaengine') %}
+{% do SOCMERGED.config.server.modules.pop('suricataengine') %}
+{% endif %}
+
 {% if pillar.manager.playbook == 0 %}
 {% do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
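Review bot: The new default `denyRegex: ''` relies on the consuming engine treating an empty pattern as "no filter", and nothing on this page shows that check; in Go and most regex libraries an empty pattern compiled unconditionally matches every input, which would deny every rule — the opposite of the intent, and the inverse failure mode of the old `'.*'`. Please confirm the engine short-circuits on an empty string before compiling, and document the semantics next to the key so the next reader does not have to, e.g. `# empty string disables the filter; a non-empty value is a regex matched against rule names/ids` (or whatever field the engine matches — adjust to the real one). Note that this flips the shipped default from deny-all to deny-nothing for the rule import; deployments that already override `denyRegex` in pillar are unaffected, but fresh installs will now admit everything `allowRegex` does not exclude, which is worth calling out in the release notes.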
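Review bot: The three `pop('…engine')` calls have no default, so rendering fails with a KeyError whenever one of those module keys is absent from the merged config (for example removed by a pillar override), and that failure takes the whole SOC state with it; `pop(key, None)` makes the removal idempotent. The three lines also collapse to a loop: `{% for engine in ['elastalertengine', 'strelkaengine', 'suricataengine'] %}` / `{% do SOCMERGED.config.server.modules.pop(engine, None) %}` / `{% endfor %}`. Separately, `{% if not SOCMERGED.config.server.client.detectionsEnabled %}` also evaluates true when the key is undefined (an Undefined is falsy), so a missing or misspelled `detectionsEnabled` silently strips the detection engines; if that is not intended, test the key explicitly with `is defined`.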