diff --git a/salt/strelka/files/filestream/filestream.yaml b/salt/strelka/files/filestream/filestream.yaml
index 0661cabfa..aa5d51ad1 100644
--- a/salt/strelka/files/filestream/filestream.yaml
+++ b/salt/strelka/files/filestream/filestream.yaml
@@ -16,7 +16,7 @@ throughput:
   delay: 0s
 files:
   patterns:
-    - '/nsm/strelka/*'
+    - '/nsm/strelka/unprocessed/*'
   delete: false
   gatekeeper: true
 response:
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 8748cbe50..339b5d434 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -72,13 +72,20 @@ strelkalogdir:
     - group: 939
     - makedirs: True
 
-strelkastagedir:
+strelkaprocessed:
    file.directory:
     - name: /nsm/strelka/processed
     - user: 939
     - group: 939
     - makedirs: True
 
+strelkaunprocessed:
+   file.directory:
+    - name: /nsm/strelka/unprocessed
+    - user: 939
+    - group: 939
+    - makedirs: True
+
 strelka_coordinator:
   docker_container.running:
     - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
@@ -163,11 +170,18 @@ append_so-strelka-filestream_so-status.conf:
   file.append:
     - name: /opt/so/conf/so-status/so-status.conf
     - text: so-strelka-filestream
-    
+
+strelka_zeek_extracted_sync_old:
+  cron.absent:
+    - user: root
+    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
+    - minute: '*'
+
 strelka_zeek_extracted_sync:
   cron.present:
     - user: root
-    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
+    - identifier: zeek-extracted-strelka-sync
+    - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/unprocessed/ > /dev/null 2>&1'
     - minute: '*'
 
 {% else %}
@@ -176,4 +190,4 @@ strelka_state_not_allowed:
   test.fail_without_changes:
     - name: strelka_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}