diff --git a/salt/common/tools/sbin/so-playbook-sigma-refresh b/salt/common/tools/sbin/so-playbook-sigma-refresh
index 5226b309e..76873b3d5 100755
--- a/salt/common/tools/sbin/so-playbook-sigma-refresh
+++ b/salt/common/tools/sbin/so-playbook-sigma-refresh
@@ -17,11 +17,21 @@
 . /usr/sbin/so-common
-# Regenerate ElastAlert & update Plays
-docker exec so-soctopus python3 playbook_play-update.py
+if ! [ -f /opt/so/state/playbook_regen_plays ] || [ "$1" = "--force" ]; then
-# Delete current Elastalert Rules
-rm /opt/so/rules/elastalert/playbook/*.yaml
+ echo "Refreshing Sigma & regenerating plays... "
-# Regenerate Elastalert Rules
-so-playbook-sync
+ # Regenerate ElastAlert & update Plays
+ docker exec so-soctopus python3 playbook_play-update.py
+
+ # Delete current Elastalert Rules
+ rm /opt/so/rules/elastalert/playbook/*.yaml
+
+ # Regenerate Elastalert Rules
+ so-playbook-sync
+
+ # Create state file
+ touch /opt/so/state/playbook_regen_plays
+else
+ printf "\nState file found, exiting...\nRerun with --force to override.\n"
+fi
\ No newline at end of file
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 57f9afb24..2decc6134 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -109,6 +109,13 @@ so-playbookruleupdatecron:
 - user: root
 - minute: '1'
 - hour: '6'
+
+so-playbookregencron:
+ cron.present:
+ - name: /usr/sbin/so-playbook-sigma-refresh > /opt/so/log/playbook/regen.log 2>&1
+ - user: root
+ - minute: '55'
+ - hour: '23'
 {% if 'idh' in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %}
 idh-plays:
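Review bot: The state file is created by `touch /opt/so/state/playbook_regen_plays` whether or not the preceding `docker exec`, `rm` and `so-playbook-sync` steps succeeded, so a failed regeneration is latched as done and every later nightly run exits early until someone removes the state file or passes `--force`. Make the touch depend on success, e.g. `docker exec so-soctopus python3 playbook_play-update.py || exit 1` and `so-playbook-sync || exit 1` ahead of it, and use `rm -f -- /opt/so/rules/elastalert/playbook/*.yaml` so an empty rules directory does not turn the unmatched glob into an error. Whether so-common turns on `set -e` is not visible here; if it does, the touch is already skipped on failure, but the explicit checks make the intent clear and work either way. The file also ends without a trailing newline after `fi`.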
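Review bot: The cron command in `- name:` redirects with `>`, so each nightly run overwrites `/opt/so/log/playbook/regen.log`; the one run that actually regenerates plays has its output, including any errors, replaced the next night by the "State file found, exiting..." message. Use `>>` (and let logrotate bound the size) if that output is meant to be reviewable after the fact. Consider also adding `- identifier: so-playbookregencron` so Salt tracks the entry by a stable id and a later edit to the command line updates the existing crontab entry instead of adding a second one.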