diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 8cb9f5d21..fe6478464 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -73,6 +73,14 @@ zeekpolicysync:
     - group: 939
     - template: jinja
 
+# Ensure the zeek spool tree (and state.db) ownership is correct
+zeekspoolownership:
+  file.directory:
+    - name: /nsm/zeek/spool
+    - user: 937
+    - recurse:
+      - user
+
 # Sync Intel
 zeekintelloadsync:
   file.managed: