diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index ca64c6b7b..1f9fe686b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -2182,9 +2182,9 @@ soc:
 manualSync:
 customEnabled: false
 labels:
- - Suricata
- - Strelka
 - ElastAlert
+ - Strelka
+ - Suricata
 eventFields:
 default:
 - so_detection.title