diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls
index 43bfb8af9..c5be686a7 100644
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -85,7 +85,7 @@ soresourcesrepoclone:
 git.latest:
 - name: https://github.com/Security-Onion-Solutions/securityonion-resources.git
 - target: /nsm/securityonion-resources
- - rev: 'dev/defend_filters'
+ - rev: 'main'
 - depth: 1
 {% endif %}
 
@@ -112,6 +112,7 @@ elasticdefendcustom:
 - group: 939
 - mode: 600
 
+{% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
 cronelasticdefendfilters:
 cron.present:
 - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
@@ -122,6 +123,7 @@ cronelasticdefendfilters:
 - daymonth: '*'
 - month: '*'
 - dayweek: '*'
+{% endif %}
 
 eaintegrationsdir:
 file.directory:
diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls
index 26738b688..8cc79bf57 100644
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -17,10 +17,12 @@ include:
 - elasticfleet.sostatus
 - ssl
 
+{% if grains.role not in ['so-fleet'] %}
 # Wait for Elasticsearch to be ready - no reason to try running Elastic Fleet server if ES is not ready
 wait_for_elasticsearch_elasticfleet:
 cmd.run:
 - name: so-elasticsearch-wait
+{% endif %}
 
 # If enabled, automatically update Fleet Logstash Outputs
 {% if ELASTICFLEETMERGED.config.server.enable_auto_configuration and grains.role not in ['so-import', 'so-eval', 'so-fleet'] %}
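Review bot: Turning `defend_filters.enable_auto_configuration` off does not remove an already-installed cron job: with the new `{% if %}` around `cronelasticdefendfilters` (and the matching `{% endif %}` in the next hunk) the `cron.present` state is simply no longer rendered, so a crontab line written under an earlier highstate keeps running the filter sync. An `{% else %}` branch declaring the same ID with `cron.absent` and the same `- name:` makes the flag actually disable the job; if the state already sets an `identifier` (the lines between the two hunks are not visible here), matching on that is more robust than on the long command string. Rendering now also requires `defend_filters.enable_auto_configuration` to exist in the merged pillar defaults, otherwise Jinja fails with an undefined attribute for every minion applying this state.
```yaml
{% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
# … unchanged: cronelasticdefendfilters cron.present block …
{% else %}
cronelasticdefendfilters:
  cron.absent:
    - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
{% endif %}
```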
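Review bot: The new `{% if grains.role not in ['so-fleet'] %}` guard around `wait_for_elasticsearch_elasticfleet` carries no explanation, and the existing comment above it still describes the wait as unconditional. A one-line comment on the `{% if %}`, such as `# so-fleet nodes run no local Elasticsearch, so the readiness wait is skipped there`, would record the reason, assuming that is it — confirm. For a single value `grains.role != 'so-fleet'` reads more directly, though the list form does mirror the `not in [...]` condition a few lines below.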
@@ -146,6 +148,15 @@ so-elastic-agent-grid-upgrade:
 so-elastic-fleet-integration-upgrade:
 cmd.run:
 - name: /usr/sbin/so-elastic-fleet-integration-upgrade
+
+{% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %}
+so-elastic-defend-manage-filters-file-watch:
+ cmd.run:
+ - name: python3 /sbin/so-elastic-defend-manage-filters.py -c /opt/so/conf/elasticsearch/curl.config -d /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml -i /nsm/securityonion-resources/event_filters/ -i /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters/ &>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log
+ - onchanges:
+ - file: /opt/so/conf/elastic-fleet/defend-exclusions/rulesets/custom-filters-raw
+ - file: /opt/so/conf/elastic-fleet/defend-exclusions/disabled-filters.yaml
+{% endif %}
 {% endif %}
 
 delete_so-elastic-fleet_so-status.disabled:
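Review bot: The `so-elastic-defend-manage-filters-file-watch` command ends in `&>> …log`, a bash-only redirection; `cmd.run` goes through the minion's default shell, and if that resolves to `/bin/sh` the command is backgrounded and the log append is lost. Writing it portably as `>> /opt/so/log/elasticfleet/elastic-defend-manage-filters.log 2>&1`, or adding `- shell: /bin/bash`, removes the dependency on the shell grain. The `onchanges` list reacts to the custom-filters-raw directory and to disabled-filters.yaml but not to the `/nsm/securityonion-resources` clone that is also passed with `-i`, so repo updates presumably wait for the cron job in config.sls; adding that git state to `onchanges` would close the gap if it is reachable from this file's includes. The full command string is now duplicated between this state and `cronelasticdefendfilters` in config.sls, and a shared Jinja variable would keep the two from drifting. The enclosing `{% if … %}` whose `{% endif %}` follows the new block starts outside the hunk.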