diff --git a/salt/global/soc_global.yaml b/salt/global/soc_global.yaml
new file mode 100644
index 000000000..ad4046714
--- /dev/null
+++ b/salt/global/soc_global.yaml
@@ -0,0 +1,49 @@
+global:
+  soversion:
+    description: Current version of Security Onion. 
+    global: True
+    readonly: True
+  managerip:
+    description: The IP address of the grid manager.
+    global: True
+  mdengine:
+    description: What engine to use for meta data generation. Options are ZEEK and SURICATA.
+    global: True
+  ids:
+    description: Which IDS engine to use. Currently only Suricata is supported.
+    global: True
+    readonly: True
+    advanced: True
+  url_base:
+    description: Used for handling of authentication cookies. 
+    global: True
+  airgap:
+    description: Sets airgap mode.
+    global: True
+    readonly: True
+  imagerepo:
+    description: Image repo to pull image from.
+    global: True
+    advanced: True
+  pipeline:
+    description: Sets which pipeline technology for events to use. Currently only Redsi is supported.
+    global: True
+    readonly: True
+    advanced: True
+  repo_host:
+    description: Specify the host where operating system packages will be served from.
+    global: True
+    advanced: True
+  registry_host:
+    description: Specify the host where docker/podman images will be pulled from.
+    global: True
+    advanced: True
+  influxdb_host:
+    description: Specify the host where influxdb is hosted.
+    global: True
+    advanced: True
+  engame_host:
+    description: Allows use of Endgame with Security Onion. This feature requires a license from Endgame.
+    global: True
+    advanced: True
+