diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 66355fa24..42e07a7c0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1464,12 +1464,16 @@ soc:
 autoUpdateEnabled: true
 playbookImportFrequencySeconds: 86400
 playbookImportErrorSeconds: 600
- playbookRepoUrl:
- default: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks
- airgap: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks
- playbookRepoBranch: main
 playbookRepoPath: /opt/sensoroni/playbooks/
- playbookPathInRepo: securityonion-normalized
+ playbookRepos:
+ default: - repo: https://github.com/Security-Onion-Solutions/securityonion-resources-playbooks branch: main folder: securityonion-normalized
+ airgap: - repo: file:///nsm/airgap-resources/playbooks/securityonion-resources-playbooks branch: main folder: securityonion-normalized
 salt:
 queueDir: /opt/sensoroni/queue
 timeoutMs: 45000
diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
index c950d8a60..e053ce63f 100644
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -61,11 +61,11 @@
 {% do SOCMERGED.config.server.update({'airgapEnabled': false}) %}
 {% endif %}
-{# set playbookRepoUrl based on airgap or not #}
+{# set playbookRepos based on airgap or not #}
 {% if GLOBALS.airgap %}
-{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.airgap}) %}
+{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepos': SOCMERGED.config.server.modules.playbook.playbookRepos.airgap}) %}
 {% else %}
-{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepoUrl': SOCMERGED.config.server.modules.playbook.playbookRepoUrl.default}) %}
+{% do SOCMERGED.config.server.modules.playbook.update({'playbookRepos': SOCMERGED.config.server.modules.playbook.playbookRepos.default}) %}
 {% endif %}
 {# remove these modules if detections is disabled #}
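Review bot: The new `playbookRepos` block in defaults.yaml carries no comment saying what each list entry's `repo`, `branch` and `folder` fields mean, and with the old `playbookRepoBranch` / `playbookPathInRepo` keys removed nothing in this file names them any more. Operators can now add their own entries (soc_soc.yaml in this same commit exposes the list as an editable setting with only `repo` marked required), so a comment above `playbookRepos:` such as `# One entry per playbook source: repo = git URL or file:// path, branch = git ref to check out, folder = subdirectory of the repo holding the playbooks (formerly playbookPathInRepo)` would help; what the importer does when `branch` or `folder` is omitted is not visible here and should be stated once confirmed. Every entry presumably ends up under the unchanged `playbookRepoPath: /opt/sensoroni/playbooks/`; if two entries resolve to the same directory name they could overwrite each other, which is worth checking in the importer and noting in the same comment.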
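Review bot: The two `{% do ... %}` lines in merged.map.jinja each repeat the full `SOCMERGED.config.server.modules.playbook` path twice, which is why they run far past 120 columns, while the only difference between the branches is `.airgap` versus `.default`. Binding the mapping once and folding the condition into a single update keeps the selection in one place: `{% set playbook = SOCMERGED.config.server.modules.playbook %}` followed by `{% do playbook.update({'playbookRepos': playbook.playbookRepos.airgap if GLOBALS.airgap else playbook.playbookRepos.default}) %}`, replacing the if/else/endif. The hunk does not check that the selected value is a list; a pillar override that sets `playbookRepos` directly to a single mapping or to the old `playbookRepoUrl` shape would silently carry the wrong type downstream, so the comment above should say that overrides must target `playbookRepos.default` / `playbookRepos.airgap`, matching how soc_soc.yaml exposes them.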
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 58560e89e..bbe963ec8 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -552,6 +552,23 @@ soc:
 description: How far back to search for ATT&CK-tagged alerts. (days)
 global: True
 helpLink: attack-navigator.html
+ playbook:
+ playbookRepos:
+ default: &pbRepos
+ description: "Custom Git repositories to pull Playbooks from. Playbooks are pulled when SOC starts and automatically refreshed every 24 hours. If this grid is airgapped then edit the airgap repos. Otherwise edit the default repos."
+ global: True
+ advanced: True
+ forcedType: "[]{}"
+ syntax: json
+ uiElements: - field: repo label: Repo URL required: True - field: branch label: Branch - field: folder label: Folder
+ airgap: *pbRepos
 client:
 enableReverseLookup:
 description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.
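Review bot: The `description` under `default: &pbRepos` hard-codes "automatically refreshed every 24 hours", but the interval is the separate `playbookImportFrequencySeconds` setting (86400 in defaults.yaml in this same commit), so the text goes stale as soon as an operator changes that value; wording like `refreshed on the configured playbook import interval (24 hours by default)` stays true. The same string is one roughly 250-character quoted line; a `>-` folded scalar would keep it within line-length limits and yield the identical value at runtime. Because `repo` accepts any URL and whatever it points at is imported as playbook content, the description should also tell the operator that entries are fetched and used as-is, e.g. `Only add repositories you control or trust.`; if the settings schema supports per-field validation of `repo`, that would be a stronger guard, but no such option is visible in this hunk. The alias `airgap: *pbRepos` gives both settings the identical text, which is fine here since the description already covers both cases.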