diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index e9e39d40a..4961ae50a 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -128,6 +128,16 @@ suricata:
 enabled: "no"
 pcap-log:
 enabled: "no"
+ compression: "none"
+ lz4-checksum: "no"
+ lz4-level: 8
+ filename: "%n/so-pcap.%t"
+ limit: "1000mb"
+ mode: "multi"
+ max-files: 10
+ use-stream-depth: "no"
+ conditional: "all"
+ dir: "/nsm/pcap"
 alert-debug:
 enabled: "no"
 alert-prelude:
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index 30f277c0a..58a2273b9 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
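Review bot: The on-disk budget these defaults allow is not bounded by anything on the page: `limit: "1000mb"` and `max-files: 10` are per capture thread, so total PCAP under `/nsm/pcap` grows with the number of threads, and defaults.yaml itself records nothing about that scaling. A comment above `limit` such as `# per-thread values: total PCAP = threads x max-files x limit` would keep the sizing rule next to the numbers rather than only in the SOC description file. The `lz4-checksum` and `lz4-level` keys appear to matter only when `compression` is something other than `"none"`, so a comment `# lz4-* keys have no effect while compression is "none"` would stop a reader assuming checksums are active. The enclosing `suricata:` mapping starts and ends outside the hunk.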
@@ -153,6 +153,53 @@ suricata:
 header:
 description: Header name where the actual IP address will be reported.
 helpLink: suricata.html
+ pcap-log:
+ enabled:
+ description: Enable Suricata to collect PCAP.
+ helpLink: suricata.html
+ compression:
+ description: Enable compression of Suricata PCAP. Currently unsupported
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
+ lz4-checksum:
+ description: Enable PCAP lz4 checksum. Currently unsupported
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
+ lz4-level:
+ description: lz4 compression level of PCAP. 0 for no compression 16 for max compression. Currently unsupported
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
+ filename:
+ description: Filename output for Suricata PCAP.
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
+ limit:
+ description: File size limit per thread. To determine max PCAP size multiple threads x max-files x limit.
+ helpLink: suricata.html
+ mode:
+ description: Suricata PCAP mode. Currenlty only multi is supported.
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
+ max-files:
+ description: Max PCAP files per thread. To determine max PCAP size multiple threads x max-files x limit.
+ helpLink: suricata.html
+ use-stream-depth:
+ description: Set to "no" to ignore the stream depth and capture the entire flow. Set this to "yes" to truncate the flow based on the stream depth.
+ advanced: True
+ helpLink: suricata.html
+ conditional:
+ description: Set to "all" to capture PCAP for all flows. Set to "alert" to capture PCAP just for alerts or set to "tag" to capture PCAP for just tagged rules.
+ helpLink: suricata.html
+ dir:
+ description: Parent directory to store PCAP.
+ advanced: True
+ readonly: True
+ helpLink: suricata.html
 asn1-max-frames:
 description: Maximum nuber of asn1 frames to decode.
 helpLink: suricata.html
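Review bot: The `limit` description does not say how the size is written, while the existing `memcap` entry further down this same file says `Can be specified in kb,mb,gb.`; because `limit` is left editable in the UI (no `readonly`), that unit guidance is the one detail an operator most needs before changing it. Suggest `description: File size limit per thread, specified in kb, mb or gb. To determine max PCAP size multiply threads x max-files x limit.` and the same `multiple` → `multiply` correction in the `max-files` description. The `mode` description also misspells `Currenlty`. The enclosing `suricata:` mapping continues outside the hunk.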
@@ -209,6 +256,9 @@ suricata:
 memcap:
 description: Can be specified in kb,mb,gb.
 helpLink: suricata.html
+ depth:
+ description: Controls how far into a stream that reassembly is done.
+ helpLink: suricata.html
 host:
 hash-size:
 description: Hash size in bytes.
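Review bot: The new `depth` description states neither the size format nor its effect on capture, while the neighbouring `memcap` entry does say `Can be specified in kb,mb,gb.`; this commit also adds a pcap-log `use-stream-depth` option whose description says flows are truncated based on the stream depth, so the two settings are linked and the text should say so. Suggest `description: Controls how far into a stream reassembly is done. Can be specified in kb,mb,gb. When pcap-log use-stream-depth is "yes", PCAP for a flow is truncated at this depth.` The enclosing `suricata:` mapping starts and ends outside the hunk.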