diff --git a/setup/so-functions b/setup/so-functions
index 02467117e..edeb8b494 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1253,34 +1253,12 @@ nginx_pillar() {
 soc_pillar() {
 title "Creating the SOC pillar"
 touch $adv_soc_pillar_file
+ added_module_line=0
 printf '%s\n'\
 "soc:"\
 " config:"\
 " server:"\
- " srvKey: '$SOCSRVKEY'"\
- " modules:"\
- " elastalertengine:"\
- " allowRegex: '$ELASTALERT_ALLOW_REGEX'" > "$soc_pillar_file"
- if [[ -n "$ELASTALERT_FAIL_ERROR_COUNT" ]]; then
- printf '%s\n'\
- " failAfterConsecutiveErrorCount: $ELASTALERT_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
- fi
-
- printf '%s\n'\
- " strelkaengine:"\
- " allowRegex: '$STRELKA_ALLOW_REGEX'" >> "$soc_pillar_file"
- if [[ -n "$STRELKA_FAIL_ERROR_COUNT" ]]; then
- printf '%s\n'\
- " failAfterConsecutiveErrorCount: $STRELKA_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
- fi
-
- printf '%s\n'\
- " suricataengine:"\
- " allowRegex: '$SURICATA_ALLOW_REGEX'" >> "$soc_pillar_file"
- if [[ -n "$SURICATA_FAIL_ERROR_COUNT" ]]; then
- printf '%s\n'\
- " failAfterConsecutiveErrorCount: $SURICATA_FAIL_ERROR_COUNT" >> "$soc_pillar_file"
- fi
+ " srvKey: '$SOCSRVKEY'" > "$soc_pillar_file"
 if [[ $telemetry -ne 0 ]]; then
 echo " telemetryEnabled: false" >> $soc_pillar_file
diff --git a/setup/so-setup b/setup/so-setup
index 571fcc75d..bd8a8c6ba 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -245,12 +245,6 @@ if [ -n "$test_profile" ]; then
 WEBUSER=onionuser@somewhere.invalid
 WEBPASSWD1=0n10nus3r
 WEBPASSWD2=0n10nus3r
- STRELKA_ALLOW_REGEX="EquationGroup_Toolset_Apr17__ELV_.*"
- STRELKA_FAIL_ERROR_COUNT=1
- ELASTALERT_ALLOW_REGEX="Security Onion"
- ELASTALERT_FAIL_ERROR_COUNT=1
- SURICATA_ALLOW_REGEX="(200033\\d|2100538|2102466)"
- SURICATA_FAIL_ERROR_COUNT=1
 update_sudoers_for_testing
 fi
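Review bot: In the soc_pillar() hunk of setup/so-functions, the new `added_module_line=0` is assigned without `local` and nothing in the visible lines reads it, so it becomes a global in whatever sources so-functions. If the rest of the function (which continues past the hunk) does use it, declare it as `local added_module_line=0`; if not, drop the line. Separately, the rewritten `" srvKey: '$SOCSRVKEY'" > "$soc_pillar_file"` line is now the only write that creates this file, and the file holds the SOC server key, so its mode comes from the installer's umask unless it is set elsewhere. Confirm that ownership and mode are restricted after this write. The key is also interpolated into a single-quoted YAML scalar, so this line assumes `SOCSRVKEY` never contains a `'`; a short comment stating that would help.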