diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
index e23c44a92..e5b7db864 100644
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -1,5 +1,5 @@
-{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default %}
-{%- set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) %}
+{% import_yaml "zeek/fileextraction_defaults.yaml" as zeek_default -%}
+{% set zeek = salt['grains.filter_by'](zeek_default, default='zeek', merge=salt['pillar.get']('zeek', {})) -%}
 # Directory to stage Zeek extracted files before processing
 redef FileExtract::prefix = "/nsm/zeek/extracted/";
 # Set a limit to the file size
@@ -7,7 +7,7 @@ redef FileExtract::default_limit = 9000000;
 # These are the mimetypes we want to rip off the networks
 export {
     global _mime_whitelist: table[string] of string = {
-        {%- for li in zeek.zeek.policy.file_extraction %}
+        {%- for li in zeek.policy.file_extraction %}
           {%- if not loop.last %}
           {%- for k,v in li.items() %}
         ["{{ k }}"] = "{{ v }}",