diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 242050f98..fe190ea69 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1456,6 +1456,14 @@ soc:
           org: Security Onion
           bucket: telegraf/so_short_term
           verifyCert: false
+        playbook:
+          autoUpdateEnabled: true
+          playbookImportFrequencySeconds: 86400
+          playbookImportErrorSeconds: 600
+          playbookRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
+          playbookRepoBranch: playbook-stable
+          playbookRepoPath: /opt/sensoroni/playbooks/
+          playbookPathInRepo: playbook/dev
         salt:
           queueDir: /opt/sensoroni/queue
           timeoutMs: 45000
diff --git a/salt/soc/enabled.sls b/salt/soc/enabled.sls
index d687289b5..4b39d036e 100644
--- a/salt/soc/enabled.sls
+++ b/salt/soc/enabled.sls
@@ -35,6 +35,7 @@ so-soc:
       - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
       - /opt/so/conf/soc/ai_summary_repos:/opt/sensoroni/ai_summary_repos:rw
       - /opt/so/conf/navigator/layers/:/opt/sensoroni/navigator/:rw
+      - /opt/so/conf/soc/playbooks/:/opt/sensoroni/playbooks/:rw
 {% if SOCMERGED.telemetryEnabled and not GLOBALS.airgap %}
       - /opt/so/conf/soc/analytics.js:/opt/sensoroni/html/js/analytics.js:ro
 {% endif %}