diff --git a/salt/zeek/config.sls b/salt/zeek/config.sls
index 2f58e3846..168e950cb 100644
--- a/salt/zeek/config.sls
+++ b/salt/zeek/config.sls
@@ -167,7 +167,7 @@ zeekja4cfg:
     - group: 939
     - template: jinja
     - defaults:
-        JA4PLUS: {{ ZEEKMERGED.ja4plus }}
+        JA4PLUS: {{ ZEEKMERGED.ja4plus.enabled }}
 
 # BPF compilation failed
 {% if ZEEKBPF and not ZEEK_BPF_STATUS %}
diff --git a/salt/zeek/defaults.yaml b/salt/zeek/defaults.yaml
index 033ed9919..4058b01b8 100644
--- a/salt/zeek/defaults.yaml
+++ b/salt/zeek/defaults.yaml
@@ -1,6 +1,7 @@
 zeek:
   enabled: False
-  ja4plus: False
+  ja4plus:
+    enabled: False
   config:
     node:
       lb_procs: 0
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index 4c9b70efb..ccb57acbb 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -3,10 +3,11 @@ zeek:
     description: Controls whether the Zeek (network packet inspection) process runs. Disabling this process could result in loss of network protocol metadata. If Suricata was selected as the protocol metadata engine during setup then this will already be disabled.
     helpLink: zeek
   ja4plus:
-    description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
-    forcedType: bool
-    helpLink: zeek
-    advanced: False
+    enabled:
+      description: "Enables JA4+ fingerprinting (JA4S, JA4D, JA4H, JA4L, JA4SSH, JA4T, JA4TS, JA4X). By enabling this, you agree to the terms of the JA4+ license  [https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4](https://github.com/FoxIO-LLC/ja4/blob/main/LICENSE-JA4)."
+      forcedType: bool
+      helpLink: zeek
+      advanced: False
   config:
     local:
       load: