diff --git a/salt/common/tools/sbin/so-nodered-restart b/salt/common/tools/sbin/so-nodered-restart
deleted file mode 100755
index 06060b764..000000000
--- a/salt/common/tools/sbin/so-nodered-restart
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-restart nodered $1
diff --git a/salt/common/tools/sbin/so-nodered-start b/salt/common/tools/sbin/so-nodered-start
deleted file mode 100755
index f5ab36c80..000000000
--- a/salt/common/tools/sbin/so-nodered-start
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-start nodered $1
-
diff --git a/salt/common/tools/sbin/so-nodered-stop b/salt/common/tools/sbin/so-nodered-stop
deleted file mode 100755
index 0286a175c..000000000
--- a/salt/common/tools/sbin/so-nodered-stop
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-stop nodered $1
diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/tools/sbin/so-curator-close
similarity index 100%
rename from salt/curator/files/bin/so-curator-close
rename to salt/curator/tools/sbin/so-curator-close
diff --git a/salt/curator/files/bin/so-curator-cluster-close b/salt/curator/tools/sbin/so-curator-cluster-close
similarity index 100%
rename from salt/curator/files/bin/so-curator-cluster-close
rename to salt/curator/tools/sbin/so-curator-cluster-close
diff --git a/salt/curator/files/bin/so-curator-cluster-delete b/salt/curator/tools/sbin/so-curator-cluster-delete
similarity index 100%
rename from salt/curator/files/bin/so-curator-cluster-delete
rename to salt/curator/tools/sbin/so-curator-cluster-delete
diff --git a/salt/curator/files/bin/so-curator-cluster-delete-delete b/salt/curator/tools/sbin/so-curator-cluster-delete-delete
similarity index 100%
rename from salt/curator/files/bin/so-curator-cluster-delete-delete
rename to salt/curator/tools/sbin/so-curator-cluster-delete-delete
diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/tools/sbin/so-curator-delete
similarity index 100%
rename from salt/curator/files/bin/so-curator-delete
rename to salt/curator/tools/sbin/so-curator-delete
diff --git a/salt/curator/files/bin/so-curator-restart b/salt/curator/tools/sbin/so-curator-restart
similarity index 100%
rename from salt/curator/files/bin/so-curator-restart
rename to salt/curator/tools/sbin/so-curator-restart
diff --git a/salt/curator/files/bin/so-curator-start b/salt/curator/tools/sbin/so-curator-start
similarity index 100%
rename from salt/curator/files/bin/so-curator-start
rename to salt/curator/tools/sbin/so-curator-start
diff --git a/salt/curator/files/bin/so-curator-stop b/salt/curator/tools/sbin/so-curator-stop
similarity index 100%
rename from salt/curator/files/bin/so-curator-stop
rename to salt/curator/tools/sbin/so-curator-stop
diff --git a/salt/elastalert/bin/so-elastalert-create b/salt/elastalert/tools/sbin/so-elastalert-create
similarity index 100%
rename from salt/elastalert/bin/so-elastalert-create
rename to salt/elastalert/tools/sbin/so-elastalert-create
diff --git a/salt/elastalert/bin/so-elastalert-restart b/salt/elastalert/tools/sbin/so-elastalert-restart
similarity index 100%
rename from salt/elastalert/bin/so-elastalert-restart
rename to salt/elastalert/tools/sbin/so-elastalert-restart
diff --git a/salt/elastalert/bin/so-elastalert-start b/salt/elastalert/tools/sbin/so-elastalert-start
similarity index 100%
rename from salt/elastalert/bin/so-elastalert-start
rename to salt/elastalert/tools/sbin/so-elastalert-start
diff --git a/salt/elastalert/bin/so-elastalert-stop b/salt/elastalert/tools/sbin/so-elastalert-stop
similarity index 100%
rename from salt/elastalert/bin/so-elastalert-stop
rename to salt/elastalert/tools/sbin/so-elastalert-stop
diff --git a/salt/elastalert/bin/so-elastalert-test b/salt/elastalert/tools/sbin/so-elastalert-test
similarity index 100%
rename from salt/elastalert/bin/so-elastalert-test
rename to salt/elastalert/tools/sbin/so-elastalert-test
diff --git a/salt/common/tools/sbin/so-elastic-fleet-agent-policy-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-agent-policy-delete
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
diff --git a/salt/common/tools/sbin/so-elastic-fleet-agent-policy-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-agent-policy-list
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
diff --git a/salt/common/tools/sbin/so-elastic-fleet-agent-policy-view b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-agent-policy-view
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
diff --git a/salt/common/tools/sbin/so-elastic-fleet-data-streams-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-data-streams-list
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-integration-policy-delete
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-integration-policy-list
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-integration-policy-load
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
diff --git a/salt/common/tools/sbin/so-elastic-fleet-restart b/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-restart
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin/so-elastic-fleet-setup
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-setup
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-setup
diff --git a/salt/common/tools/sbin/so-elastic-fleet-start b/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-start
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-start
diff --git a/salt/common/tools/sbin/so-elastic-fleet-stop b/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
similarity index 100%
rename from salt/common/tools/sbin/so-elastic-fleet-stop
rename to salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-clear b/salt/elasticsearch/tools/sbin/so-elastic-clear
new file mode 100755
index 000000000..f491fb62f
--- /dev/null
+++ b/salt/elasticsearch/tools/sbin/so-elastic-clear
@@ -0,0 +1,154 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{%- set NODEIP = salt['pillar.get']('host:mainip', '') %}
+. /usr/sbin/so-common
+
+SKIP=0
+#########################################
+# Options
+#########################################
+usage()
+{
+cat <<EOF
+Security Onion Elastic Clear
+  Options:
+  -h         This message
+  -y         Skip interactive mode
+EOF
+}
+while getopts "h:cdely" OPTION
+do
+        case $OPTION in
+                h)
+                        usage
+                        exit 0
+                        ;;
+                c)
+			DELETE_CASES_DATA=1
+			SKIP=1
+                        ;;
+                d)
+			DONT_STOP_SERVICES=1
+                        SKIP=1
+			;;
+                e)
+			DELETE_ELASTALERT_DATA=1
+                        SKIP=1
+                        ;;
+		l)
+			DELETE_LOG_DATA=1
+			SKIP=1
+			;;
+                y)
+                        DELETE_CASES_DATA=1
+                        DELETE_ELASTALERT_DATA=1
+			DELETE_LOG_DATA=1
+			SKIP=1
+                        ;;
+                *)
+                        usage
+                        exit 0
+                        ;;
+        esac
+done
+if [ $SKIP -ne 1 ]; then
+        # List indices
+        echo 
+        curl -K /opt/so/conf/elasticsearch/curl.config -k -L https://{{ NODEIP }}:9200/_cat/indices?v
+        echo
+        # Inform user we are about to delete all data
+        echo
+        echo "This script will delete all data (documents, indices, etc.) in the Elasticsearch database."
+        echo
+        echo "If you would like to proceed, please type "AGREE" and hit ENTER."
+        echo
+        # Read user input
+        read INPUT
+        if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
+fi
+
+
+if [ -z "$DONT_STOP_SERVICES" ]; then
+	# Stop Elastic Agent
+	for i in $(pgrep elastic-agent | grep -v grep); do
+		kill -9 $i;
+	done 
+
+	# Check to see if Elastic Fleet, Logstash, Elastalert are running
+	#EF_ENABLED=$(so-status | grep elastic-fleet)
+	LS_ENABLED=$(so-status | grep logstash)
+	EA_ENABLED=$(so-status | grep elastalert)
+
+	#if [ ! -z "$EF_ENABLED" ]; then
+        #	/usr/sbin/so-elastic-fleet-stop
+	#fi
+
+	if [ ! -z "$LS_ENABLED" ]; then
+        	/usr/sbin/so-logstash-stop
+	fi
+
+	if [ ! -z "$EA_ENABLED" ]; then
+        	/usr/sbin/so-elastalert-stop
+	fi
+fi
+
+if [ ! -z "$DELETE_CASES_DATA" ]; then
+        # Delete Cases data
+        echo "Deleting Cases data..."
+        INDXS=$(/usr/sbin/so-elasticsearch-query _cat/indices?h=index | grep "so-case")
+        for INDX in ${INDXS}
+        do
+                echo "Deleting $INDX"
+                /usr/sbin/so-elasticsearch-query ${INDX} -XDELETE > /dev/null 2>&1
+        done
+fi
+
+# Delete Elastalert data
+if [ ! -z "$DELETE_ELASTALERT_DATA" ]; then
+        # Delete Elastalert data
+        echo "Deleting Elastalert data..."
+        INDXS=$(/usr/sbin/so-elasticsearch-query _cat/indices?h=index | grep "elastalert")
+        for INDX in ${INDXS}
+        do
+                echo "Deleting $INDX"
+                /usr/sbin/so-elasticsearch-query ${INDX} -XDELETE > /dev/null 2>&1
+        done
+fi
+
+# Delete log data
+if [ ! -z "$DELETE_LOG_DATA" ]; then
+	echo "Deleting log data ..."
+	DATASTREAMS=$(/usr/sbin/so-elasticsearch-query _data_stream | jq -r '.[] |.[].name')
+	for DATASTREAM in ${DATASTREAMS}
+	do
+		# Delete the data stream
+        	echo "Deleting $DATASTREAM..."
+        	/usr/sbin/so-elasticsearch-query _data_stream/${DATASTREAM} -XDELETE > /dev/null 2>&1
+	done
+fi
+
+if [ -z "$DONT_STOP_SERVICES" ]; then
+	#Start Logstash
+	if [ ! -z "$LS_ENABLED" ]; then
+        	/usr/sbin/so-logstash-start
+
+	fi
+
+	#Start Elastic Fleet
+	#if [ ! -z "$EF_ENABLED" ]; then
+        # 	/usr/sbin/so-elastic-fleet-start
+	#fi
+
+	#Start Elastalert
+	if [ ! -z "$EA_ENABLED" ]; then
+        	/usr/sbin/so-elastalert-start
+	fi
+
+	# Start Elastic Agent
+	/usr/bin/elastic-agent restart
+fi
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-diagnose b/salt/elasticsearch/tools/sbin/so-elastic-diagnose
new file mode 100755
index 000000000..a94384fe8
--- /dev/null
+++ b/salt/elasticsearch/tools/sbin/so-elastic-diagnose
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+# Source common settings
+. /usr/sbin/so-common
+
+# Check for log files
+for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/curator/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do
+
+# If file exists, then look for errors or warnings 
+if [ -f $FILE ]; then
+	MESSAGE=`grep -i 'ERROR\|FAIL\|WARN' $FILE` 
+	if [ ! -z "$MESSAGE" ]; then
+		header $FILE
+		echo $MESSAGE | sed 's/WARN/\nWARN/g' | sed 's/WARNING/\nWARNING/g' | sed 's/ERROR/\nERROR/g' | sort | uniq -c | sort -nr
+		echo
+	fi
+fi
+done
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-restart b/salt/elasticsearch/tools/sbin/so-elastic-restart
new file mode 100755
index 000000000..67988193f
--- /dev/null
+++ b/salt/elasticsearch/tools/sbin/so-elastic-restart
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%}
+/usr/sbin/so-restart elasticsearch $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%}
+/usr/sbin/so-restart kibana $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-restart logstash $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-restart curator $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
+/usr/sbin/so-restart elastalert $1
+{%- endif %}
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-start b/salt/elasticsearch/tools/sbin/so-elastic-start
new file mode 100755
index 000000000..fd78d1859
--- /dev/null
+++ b/salt/elasticsearch/tools/sbin/so-elastic-start
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%}
+/usr/sbin/so-start elasticsearch $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%}
+/usr/sbin/so-start kibana $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-start logstash $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-start curator $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
+/usr/sbin/so-start elastalert $1
+{%- endif %}
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-stop b/salt/elasticsearch/tools/sbin/so-elastic-stop
new file mode 100755
index 000000000..88350a8fe
--- /dev/null
+++ b/salt/elasticsearch/tools/sbin/so-elastic-stop
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%}
+/usr/sbin/so-stop elasticsearch $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%}
+/usr/sbin/so-stop kibana $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-stop logstash $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
+/usr/sbin/so-stop curator $1
+{%- endif %}
+
+{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
+/usr/sbin/so-stop elastalert $1
+{%- endif %}
diff --git a/salt/common/tools/sbin/so-idh-restart b/salt/idh/tools/sbin/so-idh-restart
similarity index 100%
rename from salt/common/tools/sbin/so-idh-restart
rename to salt/idh/tools/sbin/so-idh-restart
diff --git a/salt/common/tools/sbin/so-idh-start b/salt/idh/tools/sbin/so-idh-start
similarity index 100%
rename from salt/common/tools/sbin/so-idh-start
rename to salt/idh/tools/sbin/so-idh-start
diff --git a/salt/common/tools/sbin/so-idh-stop b/salt/idh/tools/sbin/so-idh-stop
similarity index 100%
rename from salt/common/tools/sbin/so-idh-stop
rename to salt/idh/tools/sbin/so-idh-stop
diff --git a/salt/idstools/bin/so-idstools-restart b/salt/idstools/tools/sbin/so-idstools-restart
similarity index 100%
rename from salt/idstools/bin/so-idstools-restart
rename to salt/idstools/tools/sbin/so-idstools-restart
diff --git a/salt/idstools/bin/so-idstools-start b/salt/idstools/tools/sbin/so-idstools-start
similarity index 100%
rename from salt/idstools/bin/so-idstools-start
rename to salt/idstools/tools/sbin/so-idstools-start
diff --git a/salt/idstools/bin/so-idstools-stop b/salt/idstools/tools/sbin/so-idstools-stop
similarity index 100%
rename from salt/idstools/bin/so-idstools-stop
rename to salt/idstools/tools/sbin/so-idstools-stop
diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/influxdb/tools/sbin/so-influxdb-manage
similarity index 100%
rename from salt/common/tools/sbin/so-influxdb-manage
rename to salt/influxdb/tools/sbin/so-influxdb-manage
diff --git a/salt/common/tools/sbin/so-influxdb-restart b/salt/influxdb/tools/sbin/so-influxdb-restart
similarity index 100%
rename from salt/common/tools/sbin/so-influxdb-restart
rename to salt/influxdb/tools/sbin/so-influxdb-restart
diff --git a/salt/common/tools/sbin/so-influxdb-start b/salt/influxdb/tools/sbin/so-influxdb-start
similarity index 100%
rename from salt/common/tools/sbin/so-influxdb-start
rename to salt/influxdb/tools/sbin/so-influxdb-start
diff --git a/salt/common/tools/sbin/so-influxdb-stop b/salt/influxdb/tools/sbin/so-influxdb-stop
similarity index 100%
rename from salt/common/tools/sbin/so-influxdb-stop
rename to salt/influxdb/tools/sbin/so-influxdb-stop
diff --git a/salt/common/tools/sbin/so-kibana-config-export b/salt/kibana/tools/sbin/so-kibana-config-export
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-config-export
rename to salt/kibana/tools/sbin/so-kibana-config-export
diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/tools/sbin/so-kibana-config-load
similarity index 100%
rename from salt/kibana/bin/so-kibana-config-load
rename to salt/kibana/tools/sbin/so-kibana-config-load
diff --git a/salt/common/tools/sbin/so-kibana-restart b/salt/kibana/tools/sbin/so-kibana-restart
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-restart
rename to salt/kibana/tools/sbin/so-kibana-restart
diff --git a/salt/common/tools/sbin/so-kibana-savedobjects-defaults b/salt/kibana/tools/sbin/so-kibana-savedobjects-defaults
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-savedobjects-defaults
rename to salt/kibana/tools/sbin/so-kibana-savedobjects-defaults
diff --git a/salt/common/tools/sbin/so-kibana-space-defaults b/salt/kibana/tools/sbin/so-kibana-space-defaults
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-space-defaults
rename to salt/kibana/tools/sbin/so-kibana-space-defaults
diff --git a/salt/common/tools/sbin/so-kibana-start b/salt/kibana/tools/sbin/so-kibana-start
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-start
rename to salt/kibana/tools/sbin/so-kibana-start
diff --git a/salt/common/tools/sbin/so-kibana-stop b/salt/kibana/tools/sbin/so-kibana-stop
similarity index 100%
rename from salt/common/tools/sbin/so-kibana-stop
rename to salt/kibana/tools/sbin/so-kibana-stop
diff --git a/salt/common/tools/sbin/so-logstash-events b/salt/logstash/tools/sbin/so-logstash-events
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-events
rename to salt/logstash/tools/sbin/so-logstash-events
diff --git a/salt/common/tools/sbin/so-logstash-get-parsed b/salt/logstash/tools/sbin/so-logstash-get-parsed
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-get-parsed
rename to salt/logstash/tools/sbin/so-logstash-get-parsed
diff --git a/salt/common/tools/sbin/so-logstash-get-unparsed b/salt/logstash/tools/sbin/so-logstash-get-unparsed
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-get-unparsed
rename to salt/logstash/tools/sbin/so-logstash-get-unparsed
diff --git a/salt/common/tools/sbin/so-logstash-pipeline-stats b/salt/logstash/tools/sbin/so-logstash-pipeline-stats
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-pipeline-stats
rename to salt/logstash/tools/sbin/so-logstash-pipeline-stats
diff --git a/salt/common/tools/sbin/so-logstash-restart b/salt/logstash/tools/sbin/so-logstash-restart
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-restart
rename to salt/logstash/tools/sbin/so-logstash-restart
diff --git a/salt/common/tools/sbin/so-logstash-start b/salt/logstash/tools/sbin/so-logstash-start
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-start
rename to salt/logstash/tools/sbin/so-logstash-start
diff --git a/salt/common/tools/sbin/so-logstash-stop b/salt/logstash/tools/sbin/so-logstash-stop
similarity index 100%
rename from salt/common/tools/sbin/so-logstash-stop
rename to salt/logstash/tools/sbin/so-logstash-stop
diff --git a/salt/common/tools/sbin/so-mysql-restart b/salt/mysql/tools/sbin/so-mysql-restart
similarity index 100%
rename from salt/common/tools/sbin/so-mysql-restart
rename to salt/mysql/tools/sbin/so-mysql-restart
diff --git a/salt/common/tools/sbin/so-mysql-start b/salt/mysql/tools/sbin/so-mysql-start
similarity index 100%
rename from salt/common/tools/sbin/so-mysql-start
rename to salt/mysql/tools/sbin/so-mysql-start
diff --git a/salt/common/tools/sbin/so-mysql-stop b/salt/mysql/tools/sbin/so-mysql-stop
similarity index 100%
rename from salt/common/tools/sbin/so-mysql-stop
rename to salt/mysql/tools/sbin/so-mysql-stop
diff --git a/salt/common/tools/sbin/so-playbook-import b/salt/playbook/tools/sbin/so-playbook-import
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-import
rename to salt/playbook/tools/sbin/so-playbook-import
diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/playbook/tools/sbin/so-playbook-reset
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-reset
rename to salt/playbook/tools/sbin/so-playbook-reset
diff --git a/salt/common/tools/sbin/so-playbook-restart b/salt/playbook/tools/sbin/so-playbook-restart
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-restart
rename to salt/playbook/tools/sbin/so-playbook-restart
diff --git a/salt/common/tools/sbin/so-playbook-ruleupdate b/salt/playbook/tools/sbin/so-playbook-ruleupdate
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-ruleupdate
rename to salt/playbook/tools/sbin/so-playbook-ruleupdate
diff --git a/salt/common/tools/sbin/so-playbook-sigma-refresh b/salt/playbook/tools/sbin/so-playbook-sigma-refresh
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-sigma-refresh
rename to salt/playbook/tools/sbin/so-playbook-sigma-refresh
diff --git a/salt/common/tools/sbin/so-playbook-start b/salt/playbook/tools/sbin/so-playbook-start
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-start
rename to salt/playbook/tools/sbin/so-playbook-start
diff --git a/salt/common/tools/sbin/so-playbook-stop b/salt/playbook/tools/sbin/so-playbook-stop
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-stop
rename to salt/playbook/tools/sbin/so-playbook-stop
diff --git a/salt/common/tools/sbin/so-playbook-sync b/salt/playbook/tools/sbin/so-playbook-sync
similarity index 100%
rename from salt/common/tools/sbin/so-playbook-sync
rename to salt/playbook/tools/sbin/so-playbook-sync
diff --git a/salt/common/tools/sbin/so-redis-count b/salt/redis/tools/sbin/so-redis-count
similarity index 100%
rename from salt/common/tools/sbin/so-redis-count
rename to salt/redis/tools/sbin/so-redis-count
diff --git a/salt/common/tools/sbin/so-redis-restart b/salt/redis/tools/sbin/so-redis-restart
similarity index 100%
rename from salt/common/tools/sbin/so-redis-restart
rename to salt/redis/tools/sbin/so-redis-restart
diff --git a/salt/common/tools/sbin/so-redis-start b/salt/redis/tools/sbin/so-redis-start
similarity index 100%
rename from salt/common/tools/sbin/so-redis-start
rename to salt/redis/tools/sbin/so-redis-start
diff --git a/salt/common/tools/sbin/so-redis-stop b/salt/redis/tools/sbin/so-redis-stop
similarity index 100%
rename from salt/common/tools/sbin/so-redis-stop
rename to salt/redis/tools/sbin/so-redis-stop
diff --git a/salt/common/tools/sbin/so-soc-restart b/salt/soc/tools/sbin/so-soc-restart
similarity index 100%
rename from salt/common/tools/sbin/so-soc-restart
rename to salt/soc/tools/sbin/so-soc-restart
diff --git a/salt/common/tools/sbin/so-soc-start b/salt/soc/tools/sbin/so-soc-start
similarity index 100%
rename from salt/common/tools/sbin/so-soc-start
rename to salt/soc/tools/sbin/so-soc-start
diff --git a/salt/common/tools/sbin/so-soc-stop b/salt/soc/tools/sbin/so-soc-stop
similarity index 100%
rename from salt/common/tools/sbin/so-soc-stop
rename to salt/soc/tools/sbin/so-soc-stop
diff --git a/salt/common/tools/sbin/so-strelka-restart b/salt/strelka/tools/sbin/so-strelka-restart
similarity index 100%
rename from salt/common/tools/sbin/so-strelka-restart
rename to salt/strelka/tools/sbin/so-strelka-restart
diff --git a/salt/common/tools/sbin/so-strelka-start b/salt/strelka/tools/sbin/so-strelka-start
similarity index 100%
rename from salt/common/tools/sbin/so-strelka-start
rename to salt/strelka/tools/sbin/so-strelka-start
diff --git a/salt/common/tools/sbin/so-strelka-stop b/salt/strelka/tools/sbin/so-strelka-stop
similarity index 100%
rename from salt/common/tools/sbin/so-strelka-stop
rename to salt/strelka/tools/sbin/so-strelka-stop
diff --git a/salt/common/tools/sbin/so-telegraf-restart b/salt/telegraf/tools/sbin/so-telegraf-restart
similarity index 100%
rename from salt/common/tools/sbin/so-telegraf-restart
rename to salt/telegraf/tools/sbin/so-telegraf-restart
diff --git a/salt/common/tools/sbin/so-telegraf-start b/salt/telegraf/tools/sbin/so-telegraf-start
similarity index 100%
rename from salt/common/tools/sbin/so-telegraf-start
rename to salt/telegraf/tools/sbin/so-telegraf-start
diff --git a/salt/common/tools/sbin/so-telegraf-stop b/salt/telegraf/tools/sbin/so-telegraf-stop
similarity index 100%
rename from salt/common/tools/sbin/so-telegraf-stop
rename to salt/telegraf/tools/sbin/so-telegraf-stop