diff --git a/files/salt/master/master b/files/salt/master/master
index b93fa93de..e309a560b 100644
--- a/files/salt/master/master
+++ b/files/salt/master/master
@@ -41,6 +41,7 @@ file_roots:
   base:
     - /opt/so/saltstack/local/salt
     - /opt/so/saltstack/default/salt
+    - /opt/so/rules
 
 
 # The master_roots setting configures a master-only copy of the file_roots dictionary,
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index a250116d1..6f086469a 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -594,6 +594,16 @@ up_to_2.4.50() {
   touch /opt/so/saltstack/local/pillar/stig/adv_stig.sls
   touch /opt/so/saltstack/local/pillar/stig/soc_stig.sls
 
+  # the file_roots need to be update due to salt 3006.6 upgrade not allowing symlinks outside the file_roots
+  # put new so-yaml in place
+  echo "Updating so-yaml"
+  \cp -v "$UPDATE_DIR/salt/manager/tools/sbin/so-yaml.py" "$DEFAULT_SALT_DIR/salt/manager/tools/sbin/"
+  \cp -v "$UPDATE_DIR/salt/manager/tools/sbin/so-yaml.py" /usr/sbin/
+  echo "Creating a backup of the salt-master config."
+  cp -v /etc/salt/master "/etc/salt/master.so-$INSTALLEDVERSION"
+  echo "Adding /opt/so/rules to file_roots using so-yaml"
+  so-yaml.py append /etc/salt/master file_roots.base /opt/so/rules
+
   INSTALLEDVERSION=2.4.50
 }
 
diff --git a/salt/suricata/config.sls b/salt/suricata/config.sls
index 8d5279349..4804565ce 100644
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -84,10 +84,12 @@ suridatadir:
     - mode: 770
     - makedirs: True
 
+# salt:// would resolve to /opt/so/rules because of the defined file_roots and
+# nids not existing under /opt/so/saltstack/local/salt or /opt/so/saltstack/default/salt
 surirulesync:
   file.recurse:
     - name: /opt/so/conf/suricata/rules/
-    - source: salt://suricata/rules/
+    - source: salt://nids/
     - user: 940
     - group: 940
     - show_changes: False