diff --git a/salt/elastalert/files/elastalert_config.yaml b/salt/elastalert/files/elastalert_config.yaml
index ba2b79448..28d26bac0 100644
--- a/salt/elastalert/files/elastalert_config.yaml
+++ b/salt/elastalert/files/elastalert_config.yaml
@@ -16,12 +16,12 @@ disable_rules_on_error: false
 # How often ElastAlert will query Elasticsearch
 # The unit can be anything from weeks to seconds
 run_every:
-  minutes: 1
+  minutes: 3
 
 # ElastAlert will buffer results from the most recent
 # period of time, in case some log sources are not in real time
 buffer_time:
-  minutes: 5
+  minutes: 10
 
 # The maximum time between queries for ElastAlert to start at the most recently
 # run query. When ElastAlert starts, for each rule, it will search elastalert_metadata
diff --git a/salt/soctopus/files/templates/generic.template b/salt/soctopus/files/templates/generic.template
index 1f56bc134..e93bc30f8 100644
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('global:managerip', '') %}
+{% set es = salt['pillar.get']('manager:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
@@ -15,7 +15,7 @@ hive_proxies:
   https: ''
 hive_alert_config:
-  title: '{rule[name]} - '
+  title: "{rule[name]} - "
   type: 'playbook'
   source: 'SecurityOnion'
   description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` \n\n `Raw Data:` {match[message]}"
diff --git a/salt/soctopus/files/templates/osquery.template b/salt/soctopus/files/templates/osquery.template
index 44214afa3..de1d1cf0c 100644
--- a/salt/soctopus/files/templates/osquery.template
+++ b/salt/soctopus/files/templates/osquery.template
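Review bot: The new run_every and buffer_time values carry no explanation, and the comments above them still describe only what each setting does, so a reader cannot tell why polling dropped from every minute to every three. Worth recording the trade-off next to the values, e.g. `# 3-minute polling lowers query load on Elasticsearch but adds up to three minutes of alert latency; keep buffer_time above run_every` — the latency cost is inferred from the setting's own description, so adjust the wording if the actual motivation was different. Both interval changes are in this hunk; the other files in the diff do not touch them.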
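Review bot: `es` is now read from `manager:url_base` but is still interpolated as `https://{{es}}/playbook/...` in the description further down the file, so the pillar value must be a bare host[:port]; a value that already carries a scheme, or the `''` default when the key is absent, produces a broken link (`https:///...`) in every alert with no error. The same switch is made in the osquery.template hunk below, which also builds a pivot link from `es`. A header comment states the contract: `{# manager:url_base must be a bare host[:port]; the description fields prepend https:// #}`; whether the empty default should instead fail loudly depends on how the pillar is populated, which is outside this diff. The variable name `es` now holds the manager URL base rather than an Elasticsearch address, which is worth renaming or at least noting in that comment.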
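Review bot: The title is now the only double-quoted scalar in hive_alert_config while `type` and `source` on the neighboring lines stay single-quoted; the same change appears in the osquery.template title hunk below. The content has no escape sequences or embedded quotes, so both quoting styles parse to the same string and the switch reads as accidental. Either keep `title: '{rule[name]} - '` to match its siblings, or, if double quotes are intended for a future value containing a single quote, say so in a comment above the line.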
@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('global:managerip', '') %}
+{% set es = salt['pillar.get']('manager:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
@@ -21,7 +21,7 @@ hive_observable_data_mapping:
   - other: '{match[osquery][hostname]}'
 hive_alert_config:
-  title: '{rule[name]} -- {match[osquery][hostname]} -- {match[osquery][name]}'
+  title: "{rule[name]} -- {match[osquery][hostname]} -- {match[osquery][name]}"
   type: 'osquery'
   source: 'SecurityOnion'
   description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` \n\n `Hostname:` __{match[osquery][hostname]}__ `Live Query:`__[Pivot Link](https://{{es}}/fleet/queries/new?host_uuids={match[osquery][LiveQuery]})__ `Pack:` __{match[osquery][name]}__ `Data:` {match[osquery][columns]}"