diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index b8fcf0581..c39b7bd90 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1310,6 +1310,8 @@ soc:
             - rbac/users_roles
         strelkaengine:
           allowRegex: ''
+          autoEnabledYaraRules:
+            - securityonion-yara
           autoUpdateEnabled: true
           communityRulesImportFrequencySeconds: 28800
           compileYaraPythonScriptPath: /opt/so/conf/strelka/compile_yara.py
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 42b80a3f0..2001fb0c1 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -186,6 +186,11 @@ soc:
             global: True
             advanced: True
             helpLink: yara.html
+          autoEnabledYaraRules:
+            description: 'Yara rules to automatically enable on initial import. Format is $Ruleset - for example, for the default shipped ruleset: securityonion-yara'
+            global: True
+            advanced: True
+            helpLink: sigma.html
           autoUpdateEnabled:
             description: 'Set to true to enable automatic Internet-connected updates of the Yara rulesets. If this is an Airgap system, this setting will be overridden and set to false.'
             global: True