diff --git a/salt/logstash/pipelines/config/so/0011_input_endgame.conf b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
index b87d8e9b2..375585957 100644
--- a/salt/logstash/pipelines/config/so/0011_input_endgame.conf
+++ b/salt/logstash/pipelines/config/so/0011_input_endgame.conf
@@ -3,6 +3,8 @@ input {
 id => "endgame_data"
 port => 3765
 codec => es_bulk
+ request_headers_target_field => client_headers
+ remote_host_target_field => client_host
 ssl => true
 ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
 ssl_certificate => "/usr/share/logstash/filebeat.crt"
diff --git a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
index f23913637..b5920fe40 100644
--- a/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja
@@ -8,7 +8,7 @@ filter {
 if [event][module] =~ "endgame" {
 mutate {
- remove_field => ["headers", "host"]
+ remove_field => ["client_headers", "client_host"]
 }
 }
 }
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 641300fdf..44e7323ad 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -117,8 +117,6 @@ so-steno:
 - start: {{ STENOOPTIONS.start }}
 - network_mode: host
 - privileged: True
- - port_bindings:
- - 127.0.0.1:1234:1234
 - binds:
 - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
 - /opt/so/conf/steno/config:/etc/stenographer/config:rw
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 3e4bf6151..130ae96bb 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -285,7 +285,7 @@ whiptail_storage_requirements() {
 You need ${needed_val} to meet minimum requirements.
 
- Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+ Visit https://docs.securityonion.net/en/latest/hardware.html for more information.
 
 Select YES to continue anyway, or select NO to cancel.
 EOM
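Review bot: The two added target-field values `client_headers` and `client_host` are written as unquoted barewords, while every other string setting in the same input block (`ssl_certificate_authorities`, `ssl_certificate`) is quoted; writing them as `request_headers_target_field => "client_headers"` and `remote_host_target_field => "client_host"` keeps the block consistent. These names are also hard-coupled to the `remove_field` list changed in the 9900_output_endgame.conf.jinja hunk, which is what strips the captured request headers and remote host before output, so a comment above the added lines such as `# client_headers/client_host are stripped in 9900_output_endgame.conf.jinja; keep both lists in sync` would keep the two files from drifting apart. Note that the strip in 9900 only runs inside `if [event][module] =~ "endgame"`; if an event arriving on this input can lack that module value, its request headers would presumably pass through unstripped, so it is worth confirming that the input only ever carries endgame events.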
@@ -1776,7 +1776,7 @@ whiptail_storage_requirements() {
 You need ${needed_val} to meet minimum requirements.
 
- Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+ Visit https://docs.securityonion.net/en/latest/hardware.html for more information.
 
 Press YES to continue anyway, or press NO to cancel.
 EOM