diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 5284297a4..e7124727e 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,6 +1,6 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf') %}
+{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
 {% set BPF_STATUS = 0  %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 # Zeek Salt State
@@ -101,9 +101,9 @@ plcronscript:
   {% else  %}
 zeekbpfcompilationfailure:
   test.configurable_test_state:
-   - changes: False
-   - result: False
-   - comment: "BPF Syntax Error - Discarding Specified BPF"
+    - changes: False
+    - result: False
+    - comment: "BPF Syntax Error - Discarding Specified BPF"
    {% endif %}
 {% endif %}
 
@@ -112,12 +112,12 @@ zeekbpf:
     - name: /opt/so/conf/zeek/bpf
     - user: 940
     - group: 940
-   {% if BPF_STATUS %}
+{% if BPF_STATUS %}
     - contents_pillar: zeek:bpf
-   {% else %}
+{% else %}
     - contents:
       - "ip or not ip"
-   {% endif %}
+{% endif %}
 
 localzeeksync:
   file.managed:
@@ -142,7 +142,7 @@ so-zeek:
       - /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro
       - /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
       - /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro 
-   - network_mode: host
+    - network_mode: host
     - watch:
       - file: /opt/so/conf/zeek/local.zeek
       - file: /opt/so/conf/zeek/node.cfg