diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls
index 24e6c6152..70fe403b4 100644
--- a/salt/common/soup_scripts.sls
+++ b/salt/common/soup_scripts.sls
@@ -3,7 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% if '2.4' in salt['cp.get_file_str']('/etc/soversion') %}
+{% set soversion = salt['cp.get_file_str']('/etc/soversion') %}
+{% if '2.4' in soversion or soversion.startswith('3.') %}
 
 {%   import_yaml '/opt/so/saltstack/local/pillar/global/soc_global.sls' as SOC_GLOBAL %}
 {%   if SOC_GLOBAL.global.airgap %}
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index d31b8ba0d..67bc150ec 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -2128,6 +2128,26 @@ failed_soup_restore_items() {
 main() {
   trap 'check_err $?' EXIT
 
+  # If running 3.X.X, we need to fetch the correct soup and supporting scripts
+  # from the 3/main branch before proceeding, otherwise we'll clone 2.4/main
+  # and end up with incompatible scripts.
+  if [[ "$INSTALLEDVERSION" == 3.* && "$BRANCH" != "3/main" ]]; then
+    echo "Detected Security Onion $INSTALLEDVERSION. Fetching soup from 3/main branch."
+    rm -rf /tmp/sogh
+    mkdir -p /tmp/sogh
+    cd /tmp/sogh
+    git clone -b 3/main https://github.com/Security-Onion-Solutions/securityonion.git
+    if [ ! -f "$UPDATE_DIR/VERSION" ]; then
+      echo "Unable to clone 3/main branch from Github. Please check your Internet access."
+      exit 1
+    fi
+    cp "$UPDATE_DIR/salt/manager/tools/sbin/soup" /usr/sbin/soup
+    cp "$UPDATE_DIR/salt/common/tools/sbin/so-common" /usr/sbin/so-common
+    cp "$UPDATE_DIR/salt/common/tools/sbin/so-image-common" /usr/sbin/so-image-common
+    echo "Updated soup scripts from 3/main. Restarting soup."
+    exec env BRANCH=3/main soup "$@"
+  fi
+
   if [ -n "$BRANCH" ]; then
     echo "SOUP will use the $BRANCH branch."
     echo ""