diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml index 55dfc5db5..ad3506737 100644 --- a/salt/docker/defaults.yaml +++ b/salt/docker/defaults.yaml @@ -73,6 +73,7 @@ docker: - 80:80 - 443:443 - 8443:8443 + - 7788:7788 custom_bind_mounts: [] extra_hosts: [] 'so-playbook': diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 1526e5504..b3ec4da27 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -94,6 +94,9 @@ firewall: tcp: - 5601 udp: [] + localrules: + tcp: - 7788 + udp: [] mysql: tcp: - 3306 @@ -181,6 +184,7 @@ firewall: - influxdb - elasticsearch_rest - elasticsearch_node + - localrules sensor: portgroups: - beats_5044 @@ -364,6 +368,7 @@ firewall: - elastic_agent_control - elastic_agent_data - elastic_agent_update + - localrules sensor: portgroups: - beats_5044 @@ -501,6 +506,7 @@ firewall: - elastic_agent_control - elastic_agent_data - elastic_agent_update + - localrules sensor: portgroups: - beats_5044 @@ -648,6 +654,7 @@ firewall: - elastic_agent_update - endgame - strelka_frontend + - localrules fleet: portgroups: - elasticsearch_rest @@ -1005,6 +1012,7 @@ firewall: - elasticsearch_rest - elasticsearch_node - elastic_agent_control + - localrules sensor: portgroups: - beats_5044 diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml index 9954c1305..d1db56a0b 100644 --- a/salt/firewall/soc_firewall.yaml +++ b/salt/firewall/soc_firewall.yaml @@ -118,6 +118,9 @@ firewall: kibana: tcp: *tcpsettings udp: *udpsettings + localrules: + tcp: *tcpsettings + udp: *udpsettings mysql: tcp: *tcpsettings udp: *udpsettings diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index fad421243..4ba668026 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf 
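Review bot: The new `- 7788:7788` entry in salt/docker/defaults.yaml publishes a host port with no comment saying what the container serves on it, and the hunk does not show which container's port list this is (the enclosing mapping starts before the hunk). A one-line comment above it such as `# 7788: <service served on this port> — reachable only via the firewall 'localrules' portgroup` (placeholder to be filled in) would tie this change to the firewall hunks in the same commit. Since a Docker-published port is typically reached through the FORWARD/DOCKER chains rather than INPUT, it is worth confirming that the `localrules` portgroup is applied in the chain that actually filters published ports on these hosts.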
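Review bot: The new `localrules` portgroup in salt/firewall/defaults.yaml (hunk -94) carries no comment on what listens on TCP 7788, and this is the defaults file other layers are copied from; suggest `# localrules: TCP 7788, <service that serves local rule files>` above it, placeholder to be filled in. As collapsed here the addition reads `+ tcp: - 7788` against a hunk count of +3, whereas the `kibana` entry above keeps `tcp:` and its `- 5601` item on separate lines; confirm the committed file has `- 7788` on its own line under `tcp:`, because `tcp: - 7788` on one line is the plain string "- 7788", not a list, and would silently open nothing.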
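Review bot: `- localrules` is appended to the portgroups of five separate hostgroups in salt/firewall/defaults.yaml (hunks -181, -364, -501, -648 and -1005), which opens TCP 7788 from every one of those host classes; the hostgroup names sit above each hunk, so whether all five genuinely need it cannot be checked from the diff. If only the nodes that pull rule files have to reach the port, limiting the additions to those hostgroups keeps the exposure to what is used. A comment next to the first addition, `# localrules: rule distribution on TCP 7788`, would record the intent for whoever widens the list next.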
@@ -4,7 +4,7 @@
{%- if GLOBALS.airgap is sameas true -%}
--merged=/opt/so/rules/nids/all.rules
--local=/opt/so/rules/nids/local.rules
-{%- if GLOBAL.md_engine == "SURICATA" %}
+{%- if GLOBALS.md_engine == "SURICATA" %}
--local=/opt/so/rules/nids/sorules/extraction.rules
--local=/opt/so/rules/nids/sorules/filters.rules
{%- endif %}
diff --git a/setup/so-functions b/setup/so-functions
index 14830b6a2..6aae8806b 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -37,14 +37,8 @@ logCmd() {
airgap_rules() {
# Copy the rules for suricata if using Airgap
- mkdir -p /nsm/repo/rules
- cp -v /root/SecurityOnion/agrules/emerging-all.rules /nsm/repo/rules/
-
- # Copy over sigma rules
- cp -Rv /root/SecurityOnion/agrules/sigma /nsm/repo/rules/
-
- # Don't leave Strelka out
- cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/
+ mkdir -p /nsm/rules
+ cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/
}
add_admin_user() {
diff --git a/setup/so-verify b/setup/so-verify
index 7345ae4ab..62e15b7d4 100755
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -44,6 +44,7 @@ log_has_errors() {
grep -vE "Exception in callback None" | \
grep -vE "deprecation: ERROR" | \
grep -vE "code: 100" | \
+ grep -vE "/nsm/repo/rules/sigma/rules*" | \
grep -vE "Running scope as unit" &> "$error_log"
if [[ $? -eq 0 ]]; then
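Review bot: The comment kept above the new lines in airgap_rules, `# Copy the rules for suricata if using Airgap`, is now stale: the removed lines show agrules also held sigma and strelka sets, and `cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/` copies everything in the directory. Suggested replacement: `# Copy every airgap rule set under agrules (suricata, sigma, strelka, ...) into /nsm/rules`. An empty agrules directory leaves the glob unexpanded and cp fails on a literal `*`; `cp -Rv /root/SecurityOnion/agrules/. /nsm/rules/` copies the directory contents (dotfiles included) without that failure mode. The destination also moves from /nsm/repo/rules to /nsm/rules, yet the so-verify hunk in this same commit still filters on `/nsm/repo/rules/sigma/rules*`; anything else that mounts or reads /nsm/repo/rules is outside this diff.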
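Review bot: The new exclusion `grep -vE "/nsm/repo/rules/sigma/rules*"` in log_has_errors names the old path that so-functions stops writing to in this same commit (it now copies into /nsm/rules), so either the messages it is meant to hide no longer appear or they come from a component still on the old path; which one should be settled before merging. In an ERE, `rules*` means `rule` followed by any number of `s`, not a filename glob, and as written the line drops every log entry mentioning that directory, including real copy or permission failures that this verify step exists to catch. Matching the exact benign message text (with the path as a secondary anchor) keeps genuine errors visible. log_has_errors starts before the hunk.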