diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index 649fcc241..92fcb4106 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -20,6 +20,9 @@
 {%- set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
 {%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
 {%- set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
+{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', 'True') %}
+{%- set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %}
+
 # Global tags can be specified here in key="value" format.
 [global_tags]
@@ -740,10 +743,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
+ {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
- {% endif %}
+ {%- endif %}
 "/scripts/oldpcap.sh",
 "/scripts/raid.sh",
 "/scripts/beatseps.sh"
@@ -757,10 +760,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
+ {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
- {% endif %}
+ {%- endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh",
@@ -776,10 +779,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
+ {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
- {% endif %}
+ {%- endif %}
 "/scripts/oldpcap.sh",
 "/scripts/eps.sh",
 "/scripts/raid.sh",
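Review bot: In the first hunk of salt/telegraf/etc/telegraf.conf, `ZEEK_ENABLED` defaults to the string `'True'`, but every new condition tests `ZEEK_ENABLED is sameas true`, and Jinja's `sameas` is an identity test that a string never passes. On a sensor where the `zeek:enabled` pillar is unset, the template would therefore omit `zeekloss.sh` and `zeekcaptureloss.sh`, and Zeek capture-loss metrics would stop being collected without any error. The map.jinja hunk in this commit does the opposite and treats anything other than boolean false as enabled. Use a boolean default, `{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %}`; the same condition appears in the hunks at -740, -757, -776, -794 and -811.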
@@ -794,10 +797,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
+ {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
- {% endif %}
+ {%- endif %}
 "/scripts/oldpcap.sh",
 "/scripts/influxdbsize.sh",
 "/scripts/raid.sh",
@@ -811,10 +814,10 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- {% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
+ {%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED is sameas true %}
 "/scripts/zeekloss.sh",
 "/scripts/zeekcaptureloss.sh",
- {% endif %}
+ {%- endif %}
 "/scripts/oldpcap.sh",
 "/scripts/helixeps.sh"
 ]
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index e4b83a9e1..2c9fb9846 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -146,7 +146,7 @@ plcronscript:
 - mode: 755
 zeekpacketlosscron:
- cron.present:
+ cron.{{ZEEKOPTIONS.pl_cron_state}}:
 - name: /usr/local/bin/packetloss.sh
 - user: root
 - minute: '*/10'
diff --git a/salt/zeek/map.jinja b/salt/zeek/map.jinja
index b5713c6d5..5ae8894bc 100644
--- a/salt/zeek/map.jinja
+++ b/salt/zeek/map.jinja
@@ -4,12 +4,14 @@
 # don't start the docker container if it is an import node or disabled via pillar
 {% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
 {% do ZEEKOPTIONS.update({'start': False}) %}
+ {% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %}
 {% else %}
 {% do ZEEKOPTIONS.update({'start': True}) %}
+ {% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %}
 {% endif %}
 {% if ENABLED is sameas false %}
 {% do ZEEKOPTIONS.update({'status': 'absent'}) %}
 {% else %}
 {% do ZEEKOPTIONS.update({'status': 'running'}) %}
-{% endif %}
\ No newline at end of file
+{% endif %}
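Review bot: In salt/zeek/init.sls the state function for `zeekpacketlosscron` is now built from `ZEEKOPTIONS.pl_cron_state`, and nothing in the file says which values are valid. An undefined or misspelled value would presumably render an invalid state name such as `cron.:` and only fail when the state is applied. A comment above the state would help: `# pl_cron_state is 'present' or 'absent' (set in zeek/map.jinja); 'absent' removes root's packetloss.sh cron entry`. The import of `ZEEKOPTIONS` and the rest of the state body are outside the hunk, so confirm the key is always set before this line renders.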
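Review bot: In salt/zeek/map.jinja each branch of the first `if` now calls `ZEEKOPTIONS.update` twice, although `start` and `pl_cron_state` always change together. One call per branch keeps them from drifting apart, e.g. `{% do ZEEKOPTIONS.update({'start': False, 'pl_cron_state': 'absent'}) %}` with the matching `'start': True, 'pl_cron_state': 'present'` form in the else branch. The cron state also follows only the import-node/disabled test, whereas the telegraf.conf hunks in this commit additionally require `global:mdengine` to be `ZEEK`; if that difference is intended, a short comment here should say so. `ENABLED` is defined above the hunk.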