diff --git a/salt/suricata/config.sls b/salt/suricata/config.sls
index 2a4a051cf..b6796031f 100644
--- a/salt/suricata/config.sls
+++ b/salt/suricata/config.sls
@@ -124,7 +124,7 @@ surirulesync:
     - name: /opt/so/rules/suricata/
     - source: salt://suricata/rules/
     - user: 940
-    - group: 940
+    - group: 939
     - show_changes: False
 
 surilogscript:
diff --git a/salt/suricata/disabled.sls b/salt/suricata/disabled.sls
index 49f8f93bf..e7a75867f 100644
--- a/salt/suricata/disabled.sls
+++ b/salt/suricata/disabled.sls
@@ -23,6 +23,11 @@ clean_suricata_eve_files:
   cron.absent:
     - identifier: clean_suricata_eve_files
 
+# Remove rulestats cron
+rulestats:
+  cron.absent:
+    - identifier: suricata_rulestats
+
 {% else %}
 
 {{sls}}_state_not_allowed: