diff --git a/salt/suricata/files/threshold.conf.jinja b/salt/suricata/files/threshold.conf.jinja
index 45642404a..a439dad96 100644
--- a/salt/suricata/files/threshold.conf.jinja
+++ b/salt/suricata/files/threshold.conf.jinja
@@ -1,9 +1,8 @@
-{% set THRESHOLDING = salt['pillar.get']('thresholding', {}) -%}
-
+{% import_yaml 'suricata/thresholding/sids.yaml' as THRESHOLDING %}
 {% if THRESHOLDING -%}
- {% for EACH_SID in THRESHOLDING.sids -%}
- {% for ACTIONS_LIST in THRESHOLDING.sids[EACH_SID] -%}
+ {% for EACH_SID in THRESHOLDING -%}
+ {% for ACTIONS_LIST in THRESHOLDING[EACH_SID] -%}
 {% for EACH_ACTION in ACTIONS_LIST -%}
 {%- if EACH_ACTION == 'threshold' %}
@@ -31,6 +30,6 @@
 {%- endfor %}
 {%- else %}
-##### The thresholding pillar has not been defined
+##### Navigate to suricata > thresholding > SIDS in SOC to define thresholding
 {%- endif %}
diff --git a/salt/suricata/soc_suricata.yaml b/salt/suricata/soc_suricata.yaml
index 976949111..f1971f17f 100644
--- a/salt/suricata/soc_suricata.yaml
+++ b/salt/suricata/soc_suricata.yaml
@@ -5,8 +5,10 @@ suricata:
 thresholding:
 sids__yaml:
 description: Threshold SIDS List
- file: True
 syntax: yaml
+ file: True
+ global: True
+ multiline: True
 title: SIDS
 helpLink: suricata.html
 config:
diff --git a/salt/suricata/thresholding/sids.yaml b/salt/suricata/thresholding/sids.yaml
index e9dc04e25..e69de29bb 100644
--- a/salt/suricata/thresholding/sids.yaml
+++ b/salt/suricata/thresholding/sids.yaml
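Review bot: `{% for ACTIONS_LIST in THRESHOLDING[EACH_SID] -%}` together with the inner `{% for EACH_ACTION in ACTIONS_LIST -%}` assumes every SID maps to a list of mappings, yet THRESHOLDING is now loaded with `import_yaml` from a file that operators edit as free-form multiline YAML in SOC, so a scalar or a bare string under a SID would raise during rendering and leave Suricata without a threshold.conf instead of skipping the bad entry. A guard such as `{% if THRESHOLDING[EACH_SID] is iterable and THRESHOLDING[EACH_SID] is not string %}` around the inner loops, or at minimum a comment like `{# each top-level key is a SID; its value is a list of one-key mappings (threshold / rate_filter / suppress) #}`, would make that contract visible now that the worked example has been removed from sids.yaml. The `{% if THRESHOLDING -%}` check does appear to cover the empty-file case, since the new sids.yaml is empty and import_yaml of no content should yield a falsy value, but that is worth confirming against the Salt renderer in use. The loop bodies continue outside the hunk.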
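Review bot: `description: Threshold SIDS List` is now the only in-product hint of the expected layout, because the example content was emptied from sids.yaml and the template no longer expects the `thresholding:`/`sids:` wrapper keys, yet the description does not say that each top-level key must be a SID whose value is a list of `threshold`, `rate_filter` or `suppress` entries. Consider `description: Threshold SIDS List - YAML map of SID to a list of threshold, rate_filter or suppress entries (see help link)` so a user editing the new `multiline` field does not reintroduce the old nesting, which the updated template would not reject. The `helpLink: suricata.html` target should document the same shape if it does not already. The enclosing `suricata:` mapping continues outside the hunk.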
@@ -1,44 +0,0 @@
-thresholding:
- sids:
- 99999999999999999:
- - threshold:
- gen_id: 1
- type: threshold
- track: by_src
- count: 10
- seconds: 10
- - threshold:
- gen_id: 1
- type: limit
- track: by_dst
- count: 100
- seconds: 30
- - rate_filter:
- gen_id: 1
- track: by_rule
- count: 50
- seconds: 30
- new_action: alert
- timeout: 30
- - suppress:
- gen_id: 1
- track: by_either
- ip: 10.10.3.7
- 99999999999999998:
- - threshold:
- gen_id: 1
- type: limit
- track: by_dst
- count: 10
- seconds: 10
- - rate_filter:
- gen_id: 1
- track: by_src
- count: 50
- seconds: 20
- new_action: pass
- timeout: 60
- - suppress:
- gen_id: 1
- track: by_src
- ip: 10.10.3.0/24
\ No newline at end of file