diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 5767531f4..145b9e620 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -15,6 +15,7 @@
 {%- set MASTER = grains['master'] %}
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%}
 # Strelka config
 strelkaconfdir:
@@ -32,6 +33,9 @@ strelkasync:
 - user: 939
 - group: 939
 - template: jinja
+ {%- if STRELKA_RULES != 1 %}
+ - exclude_pat: rules/
+ {%- endif %}
 strelkadatadir:
 file.directory:
@@ -87,7 +91,7 @@ strelka_backend:
 - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
 - binds:
 - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
- - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
+ - /opt/so/conf/strelka/rules/:/etc/yara/:ro
 - name: so-strelka-backend
 - command: strelka-backend
 - restart_policy: on-failure
diff --git a/salt/top.sls b/salt/top.sls
index 3629fbe0b..7af856b35 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -7,7 +7,7 @@
 {%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
-{%- set STRELKA = salt['pillar.get']('static:strelka', '0') -%}
+{%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
 base:
diff --git a/setup/so-functions b/setup/so-functions
index 1ba4b66a1..37145e12b 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -953,9 +953,11 @@ master_static() {
 " fleet_hostname: N/A"\
 " fleet_ip: N/A"\
 " sensoronikey: $SENSORONIKEY"\
- " strelka: $STRELKA"\
- " wazuh: $WAZUH"\
- " masterupdate: $MASTERUPDATES"\
+ " wazuh: $WAZUH"\
+ " masterupdate: $MASTERUPDATES"\
+ "strelka:"\
+ " enabled: $STRELKA"\
+ " rules: $STRELKARULES"\
 "elastic:"\
 " features: False" > "$static_pillar"
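Review bot: The default in the added `STRELKA_RULES` line is the string `'1'`, but the guard added further down this file is `{%- if STRELKA_RULES != 1 %}`, an integer comparison, and in Jinja `'1' != 1` is true. A master whose pillar has no `strelka:rules` key therefore takes the exclude branch and ships no YARA rules, the opposite of what the default is meant to do; a pillar written by `master_static` with `rules: 1` is parsed as an int and behaves correctly, so this would only show up on hosts missing the key. Make the default an int and coerce at the comparison so a null value (an empty `$STRELKARULES`) is handled as well: `{%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', 1) -%}` and `{%- if STRELKA_RULES|int != 1 %}`. The trailing `-%}` also differs from the `%}` on the neighbouring set lines; harmless here, but worth matching.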
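Review bot: `- exclude_pat: rules/` looks like a no-op: as far as I can tell file.recurse applies a non-`E@` exclude with fnmatch against each file's path relative to the source (`rules/foo.yar`), and the glob `rules/` matches none of those, so the default rules would still be synced to disk and bind-mounted into the container after the user answered No. Use a pattern that covers the subtree, `- exclude_pat: 'rules/*'` (or the regex form `E@^rules/`), and verify on a test master that `/opt/so/conf/strelka/rules` ends up empty with rules disabled. The `strelkasync` state this belongs to starts above the hunk, so its `source` is not visible and the relative-path assumption depends on it.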
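Review bot: Reading the flag from `strelka:enabled` with a `'0'` default, while nothing in this diff still reads `static:strelka`, means an existing master whose pillar was written by the previous `master_static` silently stops applying the strelka state on its next highstate. Unless an upgrade path rewrites the pillar, fall back to the old key so the rename is backward-compatible: `{%- set STRELKA = salt['pillar.get']('strelka:enabled', salt['pillar.get']('static:strelka', '0')) -%}`. The key move should also be called out in the release notes for operators who set pillar values by hand.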
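Review bot: `" rules: $STRELKARULES"\` expands to `rules:` with no value whenever the variable is unset or empty — the No path of whiptail_strelka_rules exports it empty, its `TESTING` early return never sets it, and so-setup only calls the prompt when STRELKA is 1 — and YAML reads that as null rather than 0. Default the expansions in the writer so the pillar always carries a 0/1 value regardless of which setup path ran: `" enabled: ${STRELKA:-0}"\` and `" rules: ${STRELKARULES:-0}"\`. The `master_static` function and the redirect it feeds start outside the hunk; the nesting of `strelka:` under its ` enabled:`/` rules:` children relies entirely on the leading spaces inside the quoted strings, so check those against the `elastic:`/` features:` pair that follows.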
diff --git a/setup/so-setup b/setup/so-setup
index 478151def..634389dcd 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -255,6 +255,9 @@ fi
 if [[ $is_master ]]; then
 whiptail_components_adv_warning
 whiptail_enable_components
+ if [[ $STRELKA == 1 ]]; then
+ whiptail_strelka_rules
+ fi
 collect_webuser_inputs
 get_redirect
 fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 48e74e9b5..6c27fcd81 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1028,6 +1028,25 @@ whiptail_shard_count() {
 }
+whiptail_strelka_rules() {
+ [ -n "$TESTING" ] && return
+ whiptail --title "Security Onion Setup" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75
+ local exitstatus=$?
+ if [ $exitstatus == 0 ]; then
+ export STRELKARULES=1
+ else
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ export STRELKARULES
+ fi
+ }
 whiptail_suricata_pins() {
 [ -n "$TESTING" ] && return
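Review bot: In the `else` branch, `local exitstatus=$?` re-reads `$?` after `[ $exitstatus == 0 ]` has already executed, so it overwrites whiptail's real status with the test's own result (1); `whiptail_check_exitstatus` then never sees 255 for Esc/cancel and, if it aborts setup on that code as the other prompts appear to rely on, the user can no longer abort here and silently gets rules disabled instead. Delete that second `local exitstatus=$?` and pass the outer value. On the same path `export STRELKARULES` exports an empty string, which becomes a null `rules:` in the pillar written by `master_static`; write `export STRELKARULES=0` there, and give the `TESTING` early return a value too unless test runs preseed it, `[ -n "$TESTING" ] && { export STRELKARULES=0; return; }`, so every exit from this function leaves a 0/1 value.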