diff --git a/salt/soc/files/soc/menu.actions.json b/salt/soc/files/soc/menu.actions.json
index 665ca4c39..0c144c3cb 100644
--- a/salt/soc/files/soc/menu.actions.json
+++ b/salt/soc/files/soc/menu.actions.json
@@ -1,3 +1,4 @@
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
 [
 { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", "links": [
@@ -29,5 +30,12 @@
 { "name": "actionVirusTotal", "description": "actionVirusTotalHelp", "icon": "fa-external-link-alt", "target": "_blank", "links": [
 "https://www.virustotal.com/gui/search/{value}"
- ]}
+ ]}
+ {%- if HIGHLANDER %}
+ {%- set EGHOST = salt['pillar.get']('soc:endgamehost', 'EGHOSTNOTPOPULATED') %}
+ ,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank",
+ "links": [
+ "https://{{ EGHOST }}/endpoints/{:agent.id}"
+ ]}
+ {% endif %}
 ]
diff --git a/setup/so-functions b/setup/so-functions
index 4398cfbcc..27c4daf95 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1421,7 +1421,7 @@ firewall_generate_templates() {
 cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1
- for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
+ for i in analyst beats_endpoint endgame sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
 $default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1
 done
@@ -1640,6 +1640,13 @@ manager_pillar() {
 printf '%s\n'\
 " kratoskey: '$KRATOSKEY'"\
 "" >> "$pillar_file"
+
+ if [[ -n $ENDGAMEHOST ]]; then
+ printf '%s\n'\
+ "soc:"\
+ " endgamehost: '$ENDGAMEHOST'"\
+ "" >> "$pillar_file"
+ fi
 }
 manager_global() {
diff --git a/setup/so-setup b/setup/so-setup
index 71401602e..95cf84b27 100755
--- a/setup/so-setup
+++ b/setup/so-setup
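Review bot: The fallback `'EGHOSTNOTPOPULATED'` in the added `set EGHOST` line means that whenever `global:highlander` is true but `soc:endgamehost` is unset, the rendered menu carries a live link to `https://EGHOSTNOTPOPULATED/endpoints/...`, and since the manager_pillar hunk in setup/so-functions only writes `soc:endgamehost` when `$ENDGAMEHOST` is non-empty, that path is reachable. Gating the entry on the value rather than on HIGHLANDER alone avoids shipping a link to a hostname nobody controls: `{%- set EGHOST = salt['pillar.get']('soc:endgamehost', '') %}` followed by `{%- if HIGHLANDER and EGHOST %}`. `{{ EGHOST }}` is also interpolated into a JSON string literal without escaping, so a value containing `"` or `\` would leave the rendered file unparsable; validating the host where the installer collects `$ENDGAMEHOST` (outside this diff) is the cheapest way to close that. Whitespace control is uneven as well (`{%- if` and `{%- set` strip, `{% endif %}` does not), which is harmless in JSON but worth making consistent.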
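Review bot: The new block in manager_pillar appends a separate top-level `soc:` mapping to `$pillar_file`; if an earlier printf in this function already emits a `soc:` key, the result is a duplicate YAML key and which value wins depends on the loader, so `endgamehost` should be merged under the existing mapping or the function should emit `soc:` only once. The value is also written single-quoted as `'$ENDGAMEHOST'` without escaping, matching the `kratoskey` line above it, so a host string containing `'` would break the pillar YAML; rejecting such input where `$ENDGAMEHOST` is collected is the simplest fix. manager_pillar starts before this hunk and its earlier output is not visible here.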
@@ -967,9 +967,9 @@ else
 so-learn enable logscan --apply >> $setup_log 2>&1
 fi
- if [[ -n $ENDGAME_SMP_IP ]]; then
+ if [[ -n $ENDGAMEHOST ]]; then
 set_progress_str 99 'Configuring firewall for Endgame SMP'
- so-firewall --apply includehost endgame $ENDGAME_SMP_IP >> $setup_log 2>&1
+ so-firewall --apply includehost endgame $ENDGAMEHOST >> $setup_log 2>&1
 fi
 } | whiptail_gauge_post_setup "Running post-installation steps..."
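Review bot: `$ENDGAMEHOST` is passed to `so-firewall --apply includehost endgame` unquoted on the changed line, so a value containing whitespace or glob characters would be word-split or expanded before it reaches the firewall tooling; use `so-firewall --apply includehost endgame "$ENDGAMEHOST" >> $setup_log 2>&1`. The rename from `ENDGAME_SMP_IP` also means one variable now serves both as the firewall include-host entry here and as the URL host in salt/soc/files/soc/menu.actions.json; if `includehost` expects an address or CIDR rather than a hostname (the old name suggests it did), a hostname value should be validated or resolved before this call, ideally where the variable is collected. The `{ … } | whiptail_gauge_post_setup` group this sits in begins outside the hunk.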