diff --git a/salt/zeek/files/local.zeek b/salt/zeek/files/local.zeek
index b902eee32..bbb4a78be 100644
--- a/salt/zeek/files/local.zeek
+++ b/salt/zeek/files/local.zeek
@@ -124,3 +124,6 @@ redef LogAscii::json_timestamps = JSON::TS_ISO8601;
 # BPF Configuration
 @load securityonion/bpfconf
+
+# Extracted files
+@load securityonion/file-extraction
diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
index 7f0f1c902..b8e8478bd 100644
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -16,6 +16,6 @@ event file_sniff(f: fa_file, meta: fa_metadata)
 if ( meta?$mime_type )
 ext = ext_map[meta$mime_type];
-local fname = fmt("/nsm/bro/extracted/%s-%s.%s", f$source, f$id, ext);
+local fname = fmt("/nsm/zeek/extracted/%s-%s.%s", f$source, f$id, ext);
 Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
 }
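Review bot: The `Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname])` call below the renamed path still carries no `$extract_limit`, so every sniffed file is written to `/nsm/zeek/extracted` in full; unless `FileExtract::default_limit` is redefined elsewhere in the policy, a single large or repeated transfer on the monitored link can fill the sensor's disk, and this is now the only place the destination is decided. I would pass an explicit cap, e.g. `[$extract_filename=fname, $extract_limit=FileExtract::default_limit]` with `default_limit` redefined to a sane size in `local.zeek`, or a literal byte count here. Also worth a line of documentation above `fname`: the directory is not created by Zeek and must pre-exist, writable only by the zeek user, since its contents are attacker-supplied payloads. The `ext_map[meta$mime_type]` lookup two lines up will abort this handler with a runtime error for MIME types missing from the table if `ext_map` is declared without `&default` — its declaration is outside the hunk, so please confirm. The `file_sniff` body begins above the hunk.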