diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index 6e0cd1763..61df47fd0 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -86,14 +86,14 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
# If analyst, add to Wazuh AR whitelist
if [ "$FULLROLE" == "analyst" ]; then
- WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
+ WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "$IP" $WAZUH_MGR_CFG ; then
DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG
echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG."
- echo
+ echo
echo "Restarting OSSEC Server..."
/usr/sbin/so-wazuh-restart
fi
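Review bot: Nothing checks that the new path `/opt/so/wazuh/etc/ossec.conf` exists before it is edited. If the file is absent, `grep -q` fails, the `! grep` branch is taken, and `echo -e ... >> $WAZUH_MGR_CFG` creates a fragment-only config (provided the directory exists) before `so-wazuh-restart` runs. A guard right after the assignment, `[ -f "$WAZUH_MGR_CFG" ] || { echo "$WAZUH_MGR_CFG not found" >&2; exit 1; }`, would make a wrong or not-yet-deployed path fail loudly instead. The salt/wazuh/files/wazuh-manager-whitelist hunk uses the same hard-coded path with no existence check before `sed -i`. The enclosing `if` blocks close outside this hunk.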
diff --git a/salt/top.sls b/salt/top.sls
index 6f7763c62..4af085ae1 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -56,6 +56,9 @@ base:
{%- if OSQUERY != 0 %}
- mysql
{%- endif %}
+ {%- if WAZUH != 0 %}
+ - wazuh
+ {%- endif %}
- elasticsearch
- logstash
- kibana
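Review bot: Moving `wazuh` ahead of `elasticsearch`/`logstash` relies on top-file position alone, and nothing in the hunk records why the order matters. If the Elastic states really need something the wazuh state creates, a `require` on it in the dependent SLS would keep a later reshuffle from silently undoing the dependency. Otherwise a Jinja comment above the block would be enough, e.g. `{#- wazuh is listed before the Elastic states because <reason> #}`. The same applies to the other top.sls hunks (@@ -103, -171, -209 and -244).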
@@ -69,9 +72,6 @@ base:
- redis
- launcher
{%- endif %}
- {%- if WAZUH != 0 %}
- - wazuh
- {%- endif %}
- utility
- schedule
- soctopus
@@ -103,13 +103,13 @@ base:
{%- if OSQUERY != 0 %}
- mysql
{%- endif %}
+ {%- if WAZUH != 0 %}
+ - wazuh
+ {%- endif %}
- elasticsearch
- logstash
- kibana
- elastalert
- {%- if WAZUH != 0 %}
- - wazuh
- {%- endif %}
- filebeat
- utility
- schedule
@@ -171,12 +171,12 @@ base:
- ssl
- common
- firewall
- - logstash
- - elasticsearch
- - curator
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
+ - logstash
+ - elasticsearch
+ - curator
- filebeat
{%- if OSQUERY != 0 %}
- launcher
@@ -209,14 +209,14 @@ base:
{%- if OSQUERY != 0 %}
- mysql
{%- endif %}
+ {%- if WAZUH != 0 %}
+ - wazuh
+ {%- endif %}
- logstash
- elasticsearch
- curator
- kibana
- elastalert
- {%- if WAZUH != 0 %}
- - wazuh
- {%- endif %}
- filebeat
- utility
- schedule
@@ -244,12 +244,12 @@ base:
- common
- firewall
- redis
- - logstash
- - elasticsearch
- - curator
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
+ - logstash
+ - elasticsearch
+ - curator
- filebeat
{%- if OSQUERY != 0 %}
- launcher
diff --git a/salt/wazuh/files/wazuh-manager-whitelist b/salt/wazuh/files/wazuh-manager-whitelist
index ac804e447..ab4b15fd0 100755
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -18,7 +18,7 @@
# Check if Wazuh enabled
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
- WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
+ WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG ; then
DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
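Review bot: `grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG` treats the address as an unanchored regular expression, so each dot matches any character and a shorter address matches inside a longer one. For example (constructed values), 10.0.0.1 is reported present when only 10.0.0.10 is in the file, and the whitelist entry is then silently skipped. A fixed-string, whole-word match with the path quoted avoids both: `if ! grep -qFw -- "{{ MASTERIP }}" "$WAZUH_MGR_CFG"; then`. The so-allow hunk has the same test with `$IP`. The block continues past the end of this hunk.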
diff --git a/setup/so-setup b/setup/so-setup
index 4fd81629e..6d86a0b7a 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -382,15 +382,15 @@ if (whiptail_you_sure) ; then
echo -e "XXX\n41\nInstalling MySQL... \nXXX"
salt-call state.apply mysql >> $SETUPLOG 2>&1
fi
+ if [[ $WAZUH == '1' ]]; then
+ echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
+ salt-call state.apply wazuh >> $SETUPLOG 2>&1
+ fi
echo -e "XXX\n45\nInstalling Elastic Components... \nXXX"
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
salt-call state.apply logstash >> $SETUPLOG 2>&1
salt-call state.apply kibana >> $SETUPLOG 2>&1
salt-call state.apply elastalert >> $SETUPLOG 2>&1
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
salt-call state.apply filebeat >> $SETUPLOG 2>&1
salt-call state.apply utility >> $SETUPLOG 2>&1
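Review bot: The moved Wazuh step still emits `68` to what looks like the whiptail gauge feed, although it now runs between the `41` (MySQL) and `45` (Elastic) steps, so the progress value jumps forward and then back. A value that fits the new position, e.g. `echo -e "XXX\n43\nInstalling Wazuh... \nXXX"`, keeps it monotonic. The @@ -649 hunk has the same problem: `65` is now emitted just before the `35` ElasticSearch step and needs a value that fits whatever precedes it outside the hunk.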
@@ -649,6 +649,10 @@ if (whiptail_you_sure) ; then
if [[ $OSQUERY == '1' ]]; then
salt-call state.apply mysql >> $SETUPLOG 2>&1
fi
+ if [[ $WAZUH == '1' ]]; then
+ echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
+ salt-call state.apply wazuh >> $SETUPLOG 2>&1
+ fi
echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
echo -e "XXX\n40\nInstalling Logstash... \nXXX"
@@ -674,10 +678,6 @@ if (whiptail_you_sure) ; then
salt-call state.apply fleet >> $SETUPLOG 2>&1
salt-call state.apply redis >> $SETUPLOG 2>&1
fi
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
echo -e "XXX\n85\nInstalling filebeat... \nXXX"
salt-call state.apply filebeat >> $SETUPLOG 2>&1
salt-call state.apply utility >> $SETUPLOG 2>&1