diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 6585bd96c..16178dab4 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -219,6 +219,10 @@
 {% do allowed_states.append('kibana.secrets') %}
 {% endif %}
+ {% if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %}
+ {% do allowed_states.append('curator.disabled') %}
+ {% endif %}
+
 {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
 {% do allowed_states.append('elastalert') %}
 {% endif %}
diff --git a/salt/curator/disabled.sls b/salt/curator/disabled.sls
new file mode 100644
index 000000000..108e78676
--- /dev/null
+++ b/salt/curator/disabled.sls
@@ -0,0 +1,36 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - curator.sostatus
+
+so-curator:
+ docker_container.absent:
+ - force: True
+
+so-curator_so-status.disabled:
+ file.line:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-curator$
+ - mode: delete
+
+so-curator-cluster-close:
+ cron.absent:
+ - identifier: so-curator-cluster-close
+
+so-curator-cluster-delete:
+ cron.absent:
+ - identifier: so-curator-cluster-delete
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/top.sls b/salt/top.sls
index 5e7d13532..a07f2d9e1 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -74,6 +74,7 @@ base:
 - suricata
 - zeek
 - strelka
+ - curator.disabled
 - elastalert
 - utility
 - soctopus
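Review bot: The new role list on the `{% if grains.role in [...] %}` line repeats the elastalert list two lines below (plus `so-heavynode`) in a different order, which makes the two harder to compare when roles are added or removed later. Listing the shared roles in the same order, `['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode']`, keeps the visible difference between the two lists to the one extra role. A short Jinja comment above the block saying why heavy nodes get this state while the sibling list excludes them would also help, e.g. `{# curator.disabled: removes the so-curator container, so-status entry and crons on every role that ran curator #}` — I'm inferring from the role list alone that heavy nodes ran curator, so confirm the wording.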
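Review bot: The allow-list gate on the `{% if sls.split('.')[0] in allowed_states %}` line compares the bare name `curator`, while the map change in this same commit appends `curator.disabled`, so the role list added to allowed_states.map.jinja is not what this state actually checks; whether it runs on a given minion depends on whether plain `curator` is on that role's list, which is decided elsewhere in the map and is not visible here. If the intent is to gate on the full state name the way `kibana.secrets` is listed, change the check to `{% if sls in allowed_states %}`; otherwise append `curator` in the map instead, so that the role list and the gate agree. Separately, `include: - curator.sostatus` pulls in a sibling state that, judging by its name and the `so-status.conf` line deleted immediately afterwards, may be the state that adds `so-curator` to so-status.conf — if so, a state whose purpose is to disable curator should not include it, and the `file.line` delete should stand on its own. I can't see curator/sostatus.sls from this hunk, so confirm what it does before dropping the include.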
@@ -103,6 +104,7 @@ base:
 - redis
 - elastic-fleet-package-registry
 - kibana
+ - curator.disabled
 - elastalert
 - utility
 - soctopus
@@ -138,6 +140,7 @@ base:
 - suricata
 - zeek
 - strelka
+ - curator.disabled
 - elastalert
 - utility
 - soctopus
@@ -176,6 +179,7 @@ base:
 - elasticsearch
 - logstash
 - redis
+ - curator.disabled
 - elastic-fleet-package-registry
 - kibana
 - elastalert
@@ -195,6 +199,7 @@ base:
 - elasticsearch
 - logstash
 - redis
+ - curator.disabled
 - strelka
 - pcap
 - suricata
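Review bot: `- curator.disabled` lands in a different slot in each of the five role lists — before `elastalert` in three hunks, before `elastic-fleet-package-registry` in one and before `strelka` in the last — which makes it harder to confirm at a glance that every role received the same change. As far as I recall, Salt applies the states named in a top-file list in the listed order unless requisites override it, so a consistent slot, for example immediately before `elastalert` in all five lists, is easier to audit and avoids running the teardown before unrelated states on some roles but after them on others. None of the visible hunks removes a bare `- curator` entry; if that state is still assigned to any of these roles outside the shown context, it would be applied alongside `curator.disabled`, so it is worth checking that it was dropped.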