diff --git a/salt/common/maps/import.map.jinja b/salt/common/maps/import.map.jinja
index adb266809..324536d11 100644
--- a/salt/common/maps/import.map.jinja
+++ b/salt/common/maps/import.map.jinja
@@ -5,8 +5,6 @@
 'so-soc',
 'so-kratos',
 'so-elasticsearch',
- 'so-kibana',
- 'so-suricata',
- 'so-zeek'
+ 'so-kibana'
 ]
 } %}
\ No newline at end of file
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index ef9e6fe0c..b6dd7b9bc 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -506,6 +506,7 @@ role:
 portgroups:
 - {{ portgroups.beats_5044 }}
 - {{ portgroups.beats_5644 }}
+ - {{ portgroups.sensoroni }}
 search_node:
 portgroups:
 - {{ portgroups.redis }}
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 3db7a227c..135b49334 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -18,6 +18,7 @@
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
+{% from "pcap/map.jinja" import START with context %}
 # PCAP Section
@@ -131,6 +132,7 @@ sensoronilog:
 so-steno:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
+ - start: {{ START }}
 - network_mode: host
 - privileged: True
 - port_bindings:
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
new file mode 100644
index 000000000..ad4d70e80
--- /dev/null
+++ b/salt/pcap/map.jinja
@@ -0,0 +1,6 @@
+# don't start the docker container if it is an import node
+{% if grains.id.split('_')|last == 'import' %}
+ {% set START = False %}
+{% else %}
+ {% set START = True %}
+{% endif %}
\ No newline at end of file
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index 783f174ca..a15255af1 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
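Review bot: The added `- {{ portgroups.sensoroni }}` widens the allowed port set for a hostgroup whose key sits above this hunk, so the hunk alone does not show which role/hostgroup now accepts sensoroni traffic or why. Because this file drives the host firewall, a short comment on the new line would keep the rule auditable, e.g. `- {{ portgroups.sensoroni }}  # import nodes run sensoroni; allow their check-ins here` — the import-node motivation is my inference from the rest of this commit (so-setup now applies the pcap state when `$is_import` is set), not something the hunk states. The enclosing role block begins outside the hunk.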
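Review bot: `salt/pcap/map.jinja`, `salt/suricata/map.jinja` and `salt/zeek/map.jinja` are three byte-identical files (all three hunks show the same blob id ad4d70e80) that each derive `START` from the minion id suffix; one shared map, for example next to the existing `salt/common/maps/import.map.jinja`, imported by the three states would keep the import-node test in one place and stop the copies drifting. The comment on line 1 also undersells what the flag does: `docker_container.running` with `start: False` still creates the container from the image (which is why `docker_seed_registry` now seeds so-steno), it just does not start it, so I would write `# On import nodes create the container but leave it stopped: START feeds docker_container.running's start: argument`. Keying the decision on `grains.id.split('_')|last == 'import'` ties behaviour to the minion id naming convention; if the repo already records the node role in a grain or pillar value that would be the more robust source, though I cannot see from the diff whether one exists. All three new files also lack a trailing newline.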
@@ -23,6 +23,7 @@
 {# import_yaml 'suricata/files/defaults2.yaml' as suricata #}
 {% from 'suricata/suricata_config.map.jinja' import suricata_defaults as suricata_config with context %}
+{% from "suricata/map.jinja" import START with context %}
 # Suricata
@@ -134,6 +135,7 @@ suribpf:
 so-suricata:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }}
+ - start: {{ START }}
 - privileged: True
 - environment:
 - INTERFACE={{ interface }}
diff --git a/salt/suricata/map.jinja b/salt/suricata/map.jinja
new file mode 100644
index 000000000..ad4d70e80
--- /dev/null
+++ b/salt/suricata/map.jinja
@@ -0,0 +1,6 @@
+# don't start the docker container if it is an import node
+{% if grains.id.split('_')|last == 'import' %}
+ {% set START = False %}
+{% else %}
+ {% set START = True %}
+{% endif %}
\ No newline at end of file
diff --git a/salt/top.sls b/salt/top.sls
index 01eed5343..4b560c3c1 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -399,6 +399,7 @@ base:
 - firewall
 - idstools
 - suricata.manager
+ - pcap
 - elasticsearch
 - kibana
 - filebeat
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 8743878da..f6e1e999e 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,3 +1,5 @@
+{% from "zeek/map.jinja" import START with context %}
+
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
@@ -167,6 +169,7 @@ localzeeksync:
 so-zeek:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}
+ - start: {{ START }}
 - privileged: True
 - binds:
 - /nsm/zeek/logs:/nsm/zeek/logs:rw
diff --git a/salt/zeek/map.jinja b/salt/zeek/map.jinja
new file mode 100644
index 000000000..ad4d70e80
--- /dev/null
+++ b/salt/zeek/map.jinja
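Review bot: In `salt/zeek/init.sls` the new `{% from "zeek/map.jinja" import START with context %}` is placed at line 1, ahead of the VERSION/IMAGEREPO/MANAGER `set` block, whereas the matching imports in `salt/pcap/init.sls` and `salt/suricata/init.sls` follow their `set` lines; moving it below the three `set` lines would keep the three state files in the same shape. Functionally it makes no difference, since the map only reads `grains.id`.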
@@ -0,0 +1,6 @@
+# don't start the docker container if it is an import node
+{% if grains.id.split('_')|last == 'import' %}
+ {% set START = False %}
+{% else %}
+ {% set START = True %}
+{% endif %}
\ No newline at end of file
diff --git a/setup/so-functions b/setup/so-functions
index 95409b84a..778d1a21d 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -804,6 +804,7 @@ docker_seed_registry() {
 "so-filebeat:$VERSION" \
 "so-suricata:$VERSION" \
 "so-soc:$VERSION" \
+ "so-steno:$VERSION" \
 "so-elasticsearch:$VERSION" \
 "so-kibana:$VERSION" \
 "so-kratos:$VERSION" \
diff --git a/setup/so-setup b/setup/so-setup
index e99ab399b..a29099ff3 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -577,7 +577,7 @@ fi
 salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
 fi
- if [[ $is_sensor ]]; then
+ if [[ $is_sensor || $is_import ]]; then
 set_progress_str 65 "$(print_salt_state_apply 'pcap')"
 salt-call state.apply -l info pcap >> $setup_log 2>&1
 fi
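Review bot: `if [[ $is_sensor || $is_import ]]; then` now applies the pcap state on import nodes, and nothing in so-setup says that this is intentional or that the state behaves differently there; a reader would expect steno to start on an import node. A one-line comment above the condition would carry that intent, e.g. `# import nodes also get the pcap state; pcap/map.jinja creates so-steno there but leaves it stopped`. The block containing this `if` begins outside the hunk.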