diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 0d5fd174d..7ff009495 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -389,6 +389,17 @@ enable_standard_analyst_3000_{{ip}}:
     - position: 1
     - save: True
 
+enable_standard_analyst_7000_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 7000
+    - position: 1
+    - save: True
+
 enable_standard_analyst_9000_{{ip}}:
   iptables.insert:
     - table: filter
diff --git a/salt/soctopus/files/SOCtopus.conf b/salt/soctopus/files/SOCtopus.conf
new file mode 100644
index 000000000..eb766755f
--- /dev/null
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -0,0 +1,12 @@
+{%- set ip = salt['pillar.get']('static:masterip', '') %}
+
+[es]
+es_url = http://{{ ip }}:9200
+
+[hive]
+hive_url = http://{{ ip }}:9000
+hive_key = YOURHIVEAPIKEYHERE -- TO LATER BE REPLACED BY JINJA
+
+[log]
+logfile = /tmp/soctopus.log
+
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
new file mode 100644
index 000000000..e811b587b
--- /dev/null
+++ b/salt/soctopus/init.sls
@@ -0,0 +1,24 @@
+soctopusdir:
+  file.directory:
+    - name: /opt/so/conf/soctopus
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+soctopussync:
+  file.recurse:
+    - name: /opt/so/conf/soctopus
+    - source: salt://soctopus/files
+    - user: 939
+    - group: 939
+    - template: jinja
+
+so-soctopus:
+  docker_container.running:
+    - image: wlambert/soctopus
+    - hostname: soctopus
+    - binds:
+      - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
+    - port_bindings:
+      - 0.0.0.0:7000:7000
+