ja4plus nest enabled under ja4plus key for defaults

salt/zeek/config.sls

@@ -167,7 +167,7 @@ zeekja4cfg:
     - group: 939
     - template: jinja
     - defaults:
-        JA4PLUS: {{ ZEEKMERGED.ja4plus }}
+        JA4PLUS: {{ ZEEKMERGED.ja4plus.enabled }}
 
 # BPF compilation failed
 {% if ZEEKBPF and not ZEEK_BPF_STATUS %}

salt/zeek/defaults.yaml

@@ -1,6 +1,7 @@
 zeek:
   enabled: False
-  ja4plus: False
+  ja4plus:
+    enabled: False
   config:
     node:
       lb_procs: 0

salt/zeek/soc_zeek.yaml

@@ -3,10 +3,11 @@ zeek:
     description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
     helpLink: zeek
   ja4plus:
-    description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
-    forcedType: bool
-    helpLink: zeek
-    advanced: False
+    enabled:
+      description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
+      forcedType: bool
+      helpLink: zeek
+      advanced: False
   config:
     local:
       load: