diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index 65cb69a35..251de8663 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -1,4 +1,10 @@
 suricata:
+ thresholding:
+ sids__yaml:
+ description: Threshold SIDS List
+ file: True
+ syntax: yaml
+ title: SIDS
 config:
 vars:
 address-groups:
diff --git a/salt/suricata/thresholding/sids.yaml b/salt/suricata/thresholding/sids.yaml
new file mode 100644
index 000000000..e9dc04e25
--- /dev/null
+++ b/salt/suricata/thresholding/sids.yaml
@@ -0,0 +1,44 @@
+thresholding:
+ sids:
+ 99999999999999999:
+ - threshold:
+ gen_id: 1
+ type: threshold
+ track: by_src
+ count: 10
+ seconds: 10
+ - threshold:
+ gen_id: 1
+ type: limit
+ track: by_dst
+ count: 100
+ seconds: 30
+ - rate_filter:
+ gen_id: 1
+ track: by_rule
+ count: 50
+ seconds: 30
+ new_action: alert
+ timeout: 30
+ - suppress:
+ gen_id: 1
+ track: by_either
+ ip: 10.10.3.7
+ 99999999999999998:
+ - threshold:
+ gen_id: 1
+ type: limit
+ track: by_dst
+ count: 10
+ seconds: 10
+ - rate_filter:
+ gen_id: 1
+ track: by_src
+ count: 50
+ seconds: 20
+ new_action: pass
+ timeout: 60
+ - suppress:
+ gen_id: 1
+ track: by_src
+ ip: 10.10.3.0/24
\ No newline at end of file
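Review bot: `file: True` in the new sids__yaml entry spells the boolean with a capital, where `file: true` is the canonical form that yamllint's truthy rule accepts and that does not depend on the YAML 1.1 loader's wider boolean set. This is a point of style only, since Salt's PyYAML loader reads `True` as a boolean either way; if the other entries in soc_suricata.yaml already write `True`, keep the file consistent rather than changing only this line. The `suricata:` mapping continues past the end of the hunk.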
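Review bot: The new sids.yaml is a user-editable file (hunk 1 exposes it with `file: True`, `syntax: yaml`) but carries no comment explaining the accepted shape, and the second placeholder's rate_filter uses `new_action: pass`, which — if an operator copies the sample onto a real sid — switches the rule to pass once the count is exceeded and, as far as I recall Suricata's pass semantics, stops further inspection of those packets. Suggest a header comment above `thresholding:` such as `# Per-sid threshold / rate_filter / suppress entries. The 9999... keys are placeholders; replace with real sids. new_action: pass stops inspection of matching traffic once triggered.` The placeholder keys are plain integers far beyond the sid range Suricata accepts, which is harmless for an inert example provided whatever renders this file treats the keys as strings rather than rejecting them; worth confirming against the template that consumes it. The hunk also ends with `\ No newline at end of file`, which a trailing newline would fix.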