diff --git a/salt/ca/init.sls b/salt/ca/init.sls index 62b89d351..84c74ef3d 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'ca' in top_states %} + {% set manager = salt['grains.get']('master') %} /etc/salt/minion.d/signing_policies.conf: file.managed: @@ -51,4 +56,12 @@ cakeyperms: - replace: False - name: /etc/pki/ca.key - mode: 640 - - group: 939 \ No newline at end of file + - group: 939 + +{% else %} + +ca_state_not_allowed: + test.fail_without_changes: + - name: ca_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/common/init.sls b/salt/common/init.sls index c950e6036..896e0f025 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'common' in top_states %} + {% set role = grains.id.split('_') | last %} # Remove variables.txt from /tmp - This is temp @@ -190,4 +195,12 @@ sensorrotateconf: # Make sure Docker is always running docker: service.running: - - enable: True \ No newline at end of file + - enable: True + +{% else %} + +common_state_not_allowed: + test.fail_without_changes: + - name: common_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/curator/init.sls b/salt/curator/init.sls index b98eaf6cb..31f738349 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'curator' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} 
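Review bot: In the first hunk of salt/ca/init.sls, `'ca' in top_states` is a substring test, because `show_top.values() | join(', ')` turns the per-environment lists into one string. Any minion whose top file assigns `pcap` or `suricata` therefore passes the `ca` guard, and in the same way `soc` is satisfied by `soctopus`. Flatten to a list and test membership instead, for example `{% set top_states = show_top.values() | sum(start=[]) %}`, leaving the `{% if 'ca' in top_states %}` line as it is. The same two-line preamble is repeated in every other guarded state file in this commit and needs the same change.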
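Review bot: `ca_state_not_allowed` in the closing hunk of salt/ca/init.sls has no comment explaining why it fails or what the guard does and does not protect. The check runs when the minion renders the SLS, so it stops a mis-targeted `state.apply ca`. By itself it does not control which minions can request files under `salt://ca/` or which pillar data they receive; that remains the job of targeting on the master. I would add above the state `# Fail closed: 'ca' is not assigned to this minion in the top file. Guardrail against mis-targeting, not access control.` The other `*_state_not_allowed` blocks in this commit would benefit from the same comment.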
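Review bot: The two-line `show_top` preamble at the top of salt/common/init.sls is copied verbatim into every guarded state file in this commit, so any correction to the check has to be repeated in each of them. It also means `state.show_top` is called once for every SLS rendered in a run. Consider computing the allowed-state list in one shared Jinja file and importing it with `{% from ... import ... with context %}`, the pattern salt/firewall/init.sls already uses for `firewall/map.jinja`.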
@@ -131,3 +136,11 @@ so-curator: # End Curator Cron Jobs {% endif %} + +{% else %} + +curator_state_not_allowed: + test.fail_without_changes: + - name: curator_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/docker/init.sls b/salt/docker/init.sls index 3021552ab..273dbae91 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'docker' in top_states %} + installdocker: pkg.installed: - name: docker-ce @@ -5,4 +10,12 @@ installdocker: # Make sure Docker is running! docker: service.running: - - enable: True \ No newline at end of file + - enable: True + +{% else %} + +docker_state_not_allowed: + test.fail_without_changes: + - name: docker_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 764435e5f..daac87387 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -12,6 +12,10 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'domainstats' in top_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -51,3 +55,11 @@ so-domainstats: - user: domainstats - binds: - /opt/so/log/domainstats:/var/log/domain_stats + +{% else %} + +domainstats_state_not_allowed: + test.fail_without_changes: + - name: domainstats_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 741f9ff2a..a97a3f512 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls 
@@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'elastalert' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -125,3 +130,11 @@ so-elastalert: - require: - module: wait_for_elasticsearch {% endif %} + +{% else %} + +elastalert_state_not_allowed: + test.fail_without_changes: + - name: elastalert_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index cc2d91537..c87afc65c 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'elasticsearch' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -237,4 +242,12 @@ so-elasticsearch-templates: cmd.run: - name: /usr/sbin/so-elasticsearch-templates - cwd: /opt/so +{% endif %} + +{% else %} + +elasticsearch_state_not_allowed: + test.fail_without_changes: + - name: elasticsearch_state_not_allowed + {% endif %} \ No newline at end of file diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index ee7c5ae10..8937d8e13 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls 
@@ -11,6 +11,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'filebeat' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -69,3 +74,11 @@ so-filebeat: - 0.0.0.0:514:514/udp - watch: - file: /opt/so/conf/filebeat/etc/filebeat.yml + +{% else %} + +filebeat_state_not_allowed: + test.fail_without_changes: + - name: filebeat_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 7d4dab0bf..07871fa74 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'firewall' in top_states %} + # Firewall Magic for the grid {% from 'firewall/map.jinja' import hostgroups with context %} {% from 'firewall/map.jinja' import assigned_hostgroups with context %} @@ -128,3 +133,11 @@ iptables_drop_all_the_things: - chain: LOGGING - jump: DROP - save: True + +{% else %} + +firewall_state_not_allowed: + test.fail_without_changes: + - name: firewall_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index b2a3bb516..220f3c4cb 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -132,4 +132,4 @@ so-fleet: - watch: - /opt/so/conf/fleet/etc -{% endif %} +{% endif %} \ No newline at end of file diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index f48b66cff..668e33079 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls 
@@ -12,6 +12,10 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'freqserver' in top_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -52,3 +56,11 @@ so-freq: - binds: - /opt/so/log/freq_server:/var/log/freq_server:rw +{% else %} + +freqserver_state_not_allowed: + test.fail_without_changes: + - name: freqserver_state_not_allowed + +{% endif %} + diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 9fdd26b12..401d2d7d7 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'grafana' in top_states %} + {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -230,4 +235,12 @@ so-grafana: - watch: - file: /opt/so/conf/grafana/* +{% endif %} + +{% else %} + +grafana_state_not_allowed: + test.fail_without_changes: + - name: grafana_state_not_allowed + {% endif %} \ No newline at end of file diff --git a/salt/healthcheck/init.sls b/salt/healthcheck/init.sls index 94f8028ba..af1de6d83 100644 --- a/salt/healthcheck/init.sls +++ b/salt/healthcheck/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'healthcheck' in top_states %} + {% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %} {% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %} {% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 300) %} 
@@ -23,3 +28,11 @@ healthcheck_schedule_{{ STATUS[0] }}: healthcheck_schedule_{{ STATUS[1] }}: schedule.{{ STATUS[1] }}: - name: healthcheck + +{% else %} + +healthcheck_state_not_allowed: + test.fail_without_changes: + - name: healthcheck_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index 93db83759..87f35777d 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'idstools' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -69,3 +74,11 @@ so-idstools: - /opt/so/rules/nids:/opt/so/rules/nids:rw - watch: - file: idstoolsetcsync + +{% else %} + +idstools_state_not_allowed: + test.fail_without_changes: + - name: idstools_state_not_allowed + +{% endif%} \ No newline at end of file diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index d35ab6cae..6f95cfec2 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'influxdb' in top_states %} + {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -40,4 +45,12 @@ so-influxdb: - watch: - file: influxdbconf +{% endif %} + +{% else %} + +influxdb_state_not_allowed: + test.fail_without_changes: + - name: influxdb_state_not_allowed + {% endif %} \ No newline at end of file diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 8711d47d1..7f91719d4 100644 
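Review bot: The closing tag added at the end of salt/idstools/init.sls is written `{% endif%}`, without the space before `%}` that every other guard in this commit has. Jinja accepts it, but changing it to `{% endif %}` keeps the guards uniform and lets a single search pattern find all of them.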
--- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'kibana' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -114,4 +119,12 @@ so-kibana-config-load: # - shell: /bin/bash # - runas: socore # - source: salt://kibana/bin/keepkibanahappy.sh -# - template: jinja \ No newline at end of file +# - template: jinja + +{% else %} + +kibana_state_not_allowed: + test.fail_without_changes: + - name: kibana_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 33fc496dc..ad11bf567 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'logstash' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -195,3 +200,11 @@ so-logstash: {% for TEMPLATE in TEMPLATES %} - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} {% endfor %} + +{% else %} + +logstash_state_not_allowed: + test.fail_without_changes: + - name: logstash_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 3b4852542..372f680fe 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls 
@@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'manager' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -76,3 +81,11 @@ so-aptcacherng: - /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro {% endif %} + +{% else %} + +manager_state_not_allowed: + test.fail_without_changes: + - name: manager_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/minio/init.sls b/salt/minio/init.sls index ece8673bd..c1a681747 100644 --- a/salt/minio/init.sls +++ b/salt/minio/init.sls @@ -12,6 +12,10 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'minio' in top_states %} {% set access_key = salt['pillar.get']('minio:access_key', '') %} {% set access_secret = salt['pillar.get']('minio:access_secret', '') %} @@ -56,4 +60,12 @@ so-minio: - /opt/so/conf/minio/etc:/.minio:rw - /etc/pki/minio.key:/.minio/certs/private.key:ro - /etc/pki/minio.crt:/.minio/certs/public.crt:ro - - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data" \ No newline at end of file + - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data" + +{% else %} + +minio_state_not_allowed: + test.fail_without_changes: + - name: minio_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/motd/init.sls b/salt/motd/init.sls index 06ad270a1..bf9d276a6 100644 --- a/salt/motd/init.sls +++ b/salt/motd/init.sls 
@@ -1,5 +1,18 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'motd' in top_states %} + so_motd: file.managed: - name: /etc/motd - source: salt://motd/files/so_motd.jinja - template: jinja + +{% else %} + +motd_state_not_allowed: + test.fail_without_changes: + - name: motd_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index c9c6fde41..818b5c303 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'mysql' in top_states %} + {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %} {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -93,3 +98,11 @@ so-mysql: - onchanges: - docker_container: so-mysql {% endif %} + +{% else %} + +mysql_state_not_allowed: + test.fail_without_changes: + - name: mysql_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 2cb7984db..98843b720 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'nginx' in top_states %} + {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% set MANAGER = salt['grains.get']('master') %} @@ -89,3 +94,11 @@ so-nginx: - watch: - file: nginxconf - file: nginxconfdir + +{% else %} + +nginx_state_not_allowed: + test.fail_without_changes: + - name: nginx_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index 34aacbd81..ac886a6b7 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls 
@@ -12,6 +12,10 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'nodered' in top_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -75,3 +79,10 @@ so-nodered-flows: - name: /usr/sbin/so-nodered-load-flows - cwd: / +{% else %} + +nodered_state_not_allowed: + test.fail_without_changes: + - name: nodered_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 135b49334..a82e0fb8d 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'pcap' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -160,3 +165,11 @@ so-sensoroni: - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw - watch: - file: /opt/so/conf/sensoroni/sensoroni.json + +{% else %} + +pcap_state_not_allowed: + test.fail_without_changes: + - name: pcap_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index d390a36fb..9d02dfce2 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'playbook' in top_states %} + {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} 
@@ -96,4 +101,12 @@ so-playbookruleupdatecron: - name: /usr/sbin/so-playbook-ruleupdate > /opt/so/log/playbook/update.log 2>&1 - user: root - minute: '1' - - hour: '6' \ No newline at end of file + - hour: '6' + +{% else %} + +playbook_state_not_allowed: + test.fail_without_changes: + - name: playbook_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 3f24ba079..1b7611eab 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'redis' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -64,3 +69,11 @@ so-redis: - entrypoint: "redis-server /usr/local/etc/redis/redis.conf" - watch: - file: /opt/so/conf/redis/etc + +{% else %} + +redis_state_not_allowed: + test.fail_without_changes: + - name: redis_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/registry/init.sls b/salt/registry/init.sls index 6e17d639e..c98577ca2 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'registry' in top_states %} + # Create the config directory for the docker registry dockerregistryconfdir: file.directory: @@ -51,3 +56,11 @@ so-dockerregistry: - /nsm/docker-registry/docker:/var/lib/registry/docker:rw - /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro + +{% else %} + +registry_state_not_allowed: + test.fail_without_changes: + - name: registry_state_not_allowed + +{% endif %} \ No newline at end of file 
diff --git a/salt/salt/master.sls b/salt/salt/master.sls index ca1bead2d..20a204909 100644 --- a/salt/salt/master.sls +++ b/salt/salt/master.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'salt.master' in top_states %} + include: - salt.minion @@ -26,4 +31,12 @@ engines_config: - name: /etc/salt/minion.d/engines.conf - source: salt://salt/files/engines.conf - watch_in: - - service: salt_minion_service \ No newline at end of file + - service: salt_minion_service + +{% else %} + +salt_master_state_not_allowed: + test.fail_without_changes: + - name: salt_master_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 1c25f42a1..ca40eb4f3 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'soc' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -98,3 +103,11 @@ so-kratos: - 0.0.0.0:4434:4434 - watch: - file: /opt/so/conf/kratos + +{% else %} + +soc_state_not_allowed: + test.fail_without_changes: + - name: soc_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 39768fc42..4c04f3fd1 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'soctopus' in top_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} 
@@ -63,3 +68,11 @@ so-soctopus: - 0.0.0.0:7000:7000 - extra_hosts: - {{MANAGER_URL}}:{{MANAGER_IP}} + +{% else %} + +soctopus_state_not_allowed: + test.fail_without_changes: + - name: soctopus_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 416e13af5..1283c581d 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'ssl' in top_states %} + {% set manager = salt['grains.get']('master') %} {% set managerip = salt['pillar.get']('global:managerip', '') %} {% set HOSTNAME = salt['grains.get']('host') %} @@ -570,3 +575,11 @@ elastickeyperms: - group: 930 {%- endif %} + +{% else %} + +ssl_state_not_allowed: + test.fail_without_changes: + - name: ssl_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 1e87aa602..980b1e808 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -12,6 +12,11 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'strelka' in top_states %} + {%- set MANAGER = salt['grains.get']('master') %} {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -139,3 +144,11 @@ strelka_zeek_extracted_sync: - user: root - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1' - minute: '*' + +{% else %} + +strelka_state_not_allowed: + test.fail_without_changes: + - name: strelka_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 79e06db66..45b99586c 100644 --- a/salt/suricata/init.sls 
+++ b/salt/suricata/init.sls @@ -12,6 +12,10 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'suricata' in top_states %} {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set ZEEKVER = salt['pillar.get']('global:zeekversion', '') %} @@ -173,3 +177,11 @@ surilogrotate: - daymonth: '*' - month: '*' - dayweek: '*' + +{% else %} + +suricata_state_not_allowed: + test.fail_without_changes: + - name: suricata_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index a828c72f1..2634e6c15 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls @@ -12,4 +12,10 @@ so-tcpreplay: - interactive: True - tty: True +{% else %} + +tcpreplay_state_not_allowed: + test.fail_without_changes: + - name: tcpreplay_state_not_allowed + {% endif %} diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index c252cdb5b..0bbf131f7 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'telegraf' in top_states %} + {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -66,4 +71,12 @@ so-telegraf: - /opt/so/log/suricata:/var/log/suricata:ro - watch: - file: tgrafconf - - file: tgrafsyncscripts \ No newline at end of file + - file: tgrafsyncscripts + +{% else %} + +telegraf_state_not_allowed: + test.fail_without_changes: + - name: telegraf_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index ffbb50f0c..443ac9a8f 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls 
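Review bot: The `{% else %}` added in salt/tcpreplay/init.sls pairs with an `{% if %}` that lies outside this hunk, and unlike the other files this diff adds no `show_top` preamble at the top of the file. If that existing condition is something other than the top-file check (presumably a role or pillar test; confirm against the full file), `tcpreplay_state_not_allowed` will fail the run whenever the condition is false, even on minions where the state is legitimately assigned. Either add the same preamble and `{% if 'tcpreplay' in top_states %}` wrapper used elsewhere, closing it with its own `{% endif %}`, or drop the fail state from this file.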
@@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'thehive' in top_states %} + {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -137,3 +142,11 @@ thehivescript: - cwd: /opt/so - template: jinja - hide_output: True + +{% else %} + +thehive_state_not_allowed: + test.fail_without_changes: + - name: thehive_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/utility/init.sls b/salt/utility/init.sls index 4779f9c1d..d18ad5e1c 100644 --- a/salt/utility/init.sls +++ b/salt/utility/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'utility' in top_states %} + # This state is for checking things {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %} # Make sure Cross Cluster is good. Will need some logic once we have hot/warm @@ -19,3 +24,11 @@ fixsearch: - source: salt://utility/bin/eval - template: jinja {% endif %} + +{% else %} + +utility_state_not_allowed: + test.fail_without_changes: + - name: utility_state_not_allowed + +{% endif %} diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 94b16b199..f2a4ae05b 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'wazuh' in top_states %} + {%- set HOSTNAME = salt['grains.get']('host', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} 
@@ -141,3 +146,11 @@ hidsruledir: /opt/so/rules/hids/ruleset: file.symlink: - target: /nsm/wazuh/ruleset + +{% else %} + +wazuh_state_not_allowed: + test.fail_without_changes: + - name: wazuh_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/yum/init.sls b/salt/yum/init.sls index c91de908e..b8a4df9ee 100644 --- a/salt/yum/init.sls +++ b/salt/yum/init.sls @@ -1,6 +1,19 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'yum' in top_states %} + yumconf: file.managed: - name: /etc/yum.conf - source: salt://yum/etc/yum.conf.jinja - mode: 644 - - template: jinja \ No newline at end of file + - template: jinja + +{% else %} + +yum_state_not_allowed: + test.fail_without_changes: + - name: yum_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index f6e1e999e..712ca53fd 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -1,3 +1,8 @@ +{% set show_top = salt['state.show_top']() %} +{% set top_states = show_top.values() | join(', ') %} + +{% if 'zeek' in top_states %} + {% from "zeek/map.jinja" import START with context %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -190,4 +195,11 @@ so-zeek: - file: /opt/so/conf/zeek/zeekctl.cfg - file: /opt/so/conf/zeek/policy - file: /opt/so/conf/zeek/bpf - \ No newline at end of file + +{% else %} + +zeek_state_not_allowed: + test.fail_without_changes: + - name: zeek_state_not_allowed + +{% endif %} \ No newline at end of file