diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja
index 2012917af2..57abe7a489 100644
--- a/salt/soc/merged.map.jinja
+++ b/salt/soc/merged.map.jinja
@@ -35,16 +35,16 @@
 {%   do SOCMERGED.config.server.modules.pop('elastalertengine') %}
 {%   do SOCMERGED.config.server.modules.pop('strelkaengine') %}
 {%   do SOCMERGED.config.server.modules.pop('suricataengine') %}
+{% elif pillar.global.airgap %}
+  {# if system is Airgap, don't autoupdate Yara & Sigma rules #}
+  {%   do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
+  {%   do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
 {% endif %}
 
-{% if pillar.manager.playbook == 0 %}
-{%   do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
 
-{# if system is Airgap, don't autoupdate Yara & Sigma rules #}
-{% if pillar.global.airgap %}
-  {%   do SOCMERGED.config.server.modules.elastalertengine.update({'autoUpdateEnabled': false}) %}
-  {%   do SOCMERGED.config.server.modules.strelkaengine.update({'autoUpdateEnabled': false}) %}
+{% if pillar.manager.playbook == 0 %}
+{%   do SOCMERGED.config.server.client.inactiveTools.append('toolPlaybook') %}
 {% endif %}
 
 {% set standard_actions = SOCMERGED.config.pop('actions') %}