diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 2001fb0c1..4b88a5f84 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -89,10 +89,13 @@ soc:
 advanced: True
 helpLink: sigma.html
 autoEnabledSigmaRules:
- description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical'
- global: True
- advanced: True
- helpLink: sigma.html
+ default: &autoEnabledSigmaRules
+ description: 'Sigma rules to automatically enable on initial import. Format is $Ruleset+$Level - for example, for the core community ruleset and critical level rules: core+critical. These will be applied based on role if defined and default if not.'
+ global: True
+ advanced: True
+ helpLink: sigma.html
+ so-eval: *autoEnabledSigmaRules
+ so-import: *autoEnabledSigmaRules
 denyRegex:
 description: 'Regex used to filter imported Sigma rules. Deny regex takes precedence over the Allow regex setting.'
 global: True
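Review bot: The shared `&autoEnabledSigmaRules` anchor gives `default`, `so-eval` and `so-import` the same description, and that text does not say whether a role-specific list replaces the default list or is merged with it. This setting decides which Sigma detections are enabled on initial import, so an operator who edits only `so-eval` needs to know whether the `default` entries still apply. The wording "based on role if defined and default if not" suggests replacement, but the consuming code is not in this hunk; if that is the behaviour, I would append `A role-specific list replaces the default list; it is not merged with it.` to the description. It is also worth confirming that every role with its own list in the defaults file has an annotation here, since only `so-eval` and `so-import` are added. The enclosing `soc:` mapping starts above this hunk and the `denyRegex` entry continues below it.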