Merge pull request #1146 from Security-Onion-Solutions/feature/minio

Feature/minio
2025-12-06 17:22:49 +01:00 · 2020-08-05 23:01:58 -04:00
parent 30ff6d2b93 e7225349a6
commit 4936da9b5d
86 changed files with 340 additions and 224 deletions
--- a/pillar/docker/config.sls
+++ b/pillar/docker/config.sls
@@ -1,11 +1,11 @@
-{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%}
 {% set WAZUH = salt['pillar.get']('manager:wazuh', '0') %}
 {% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
 {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
 {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
-{% set ZEEKVER = salt['pillar.get']('static:zeekversion', 'COMMUNITY') %}
+{% set ZEEKVER = salt['pillar.get']('global:zeekversion', 'COMMUNITY') %}
 {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 eval:
--- a/pillar/logstash/manager.sls
+++ b/pillar/logstash/manager.sls
@@ -1,7 +1,12 @@
 {%- set PIPELINE = salt['pillar.get']('global:pipeline', 'minio') %}
 logstash:
  pipelines:
    manager:
      config:
        - so/0009_input_beats.conf      
        - so/0010_input_hhbeats.conf
        {%- if PIPELINE == "minio"%}
        - so/9998_output_minio.conf.jinja
        {%- else %}
        - so/9999_output_redis.conf.jinja
        {%- endif %}
--- a/pillar/logstash/search.sls
+++ b/pillar/logstash/search.sls
@@ -1,8 +1,13 @@
 {%- set PIPELINE = salt['pillar.get']('global:pipeline', 'minio') %}
 logstash:
  pipelines:
    search:
      config:
        {%- if PIPELINE == "minio"%}
        - so/0899_input_minio.conf.jinja
        {%- else %}
        - so/0900_input_redis.conf.jinja
        {%- endif %}
        - so/9000_output_zeek.conf.jinja
        - so/9002_output_import.conf.jinja
        - so/9034_output_syslog.conf.jinja
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -14,14 +14,14 @@ base:
    - elasticsearch.search
  '*_sensor':
-    - static
+    - global
    - zeeklogs
    - healthcheck.sensor
    - minions.{{ grains.id }}
  '*_manager or *_managersearch':
    - match: compound
-    - static
+    - global
    - data.*
    - secrets
    - minions.{{ grains.id }}
@@ -36,7 +36,7 @@ base:
    - secrets
    - healthcheck.eval
    - elasticsearch.eval
-    - static
+    - global
    - minions.{{ grains.id }}
  '*_standalone':
@@ -48,20 +48,20 @@ base:
    - zeeklogs
    - secrets
    - healthcheck.standalone
-    - static
+    - global
    - minions.{{ grains.id }}
  '*_node':
-    - static
+    - global
    - minions.{{ grains.id }}
  '*_heavynode':
-    - static
+    - global
    - zeeklogs
    - minions.{{ grains.id }}
  '*_helix':
-    - static
+    - global
    - fireeye
    - zeeklogs
    - logstash
@@ -69,13 +69,13 @@ base:
    - minions.{{ grains.id }}
  '*_fleet':
-    - static
+    - global
    - data.*
    - secrets
    - minions.{{ grains.id }}
  '*_searchnode':
-    - static
+    - global
    - logstash
    - logstash.search
    - elasticsearch.search
--- a/salt/common/maps/so-status.map.jinja
+++ b/salt/common/maps/so-status.map.jinja
@@ -20,7 +20,7 @@
 {% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
  {{ append_containers('manager', 'grafana', 0) }}
-  {{ append_containers('static', 'fleet_manager', 0) }}
+  {{ append_containers('global', 'fleet_manager', 0) }}
  {{ append_containers('manager', 'wazuh', 0) }}
  {{ append_containers('manager', 'thehive', 0) }}
  {{ append_containers('manager', 'playbook', 0) }}
@@ -29,11 +29,11 @@
 {% endif %}
 {% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %}
-  {{ append_containers('static', 'strelka', 0) }}
+  {{ append_containers('global', 'strelka', 0) }}
 {% endif %}
 {% if role in ['heavynode', 'standalone'] %}
-  {{ append_containers('static', 'zeekversion', 'SURICATA') }}
+  {{ append_containers('global', 'zeekversion', 'SURICATA') }}
 {% endif %}
 {% if role == 'searchnode' %}
@@ -41,5 +41,5 @@
 {% endif %}
 {% if role == 'sensor' %}
-  {{ append_containers('static', 'zeekversion', 'SURICATA') }}
+  {{ append_containers('global', 'zeekversion', 'SURICATA') }}
 {% endif %}
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -76,6 +76,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
    "so-kibana:$VERSION" \
    "so-kratos:$VERSION" \
    "so-logstash:$VERSION" \
    "so-minio:$VERSION" \
    "so-mysql:$VERSION" \
    "so-nginx:$VERSION" \
    "so-pcaptools:$VERSION" \
--- a/salt/common/tools/sbin/so-elastic-clear
+++ b/salt/common/tools/sbin/so-elastic-clear
@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%}
 . /usr/sbin/so-common
 SKIP=0
--- a/salt/common/tools/sbin/so-features-enable
+++ b/salt/common/tools/sbin/so-features-enable
@@ -29,9 +29,9 @@ manager_check() {
 }
 manager_check
-VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
+VERSION=$(grep soversion $local_salt_dir/pillar/global.sls | cut -d':' -f2|sed 's/ //g')
-# Modify static.sls to enable Features
+# Modify global.sls to enable Features
-sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls
+sed -i 's/features: False/features: True/' $local_salt_dir/pillar/global.sls
 SUFFIX="-features"
 TRUSTED_CONTAINERS=( \
  "so-elasticsearch:$VERSION$SUFFIX" \
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -16,9 +16,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('static:soversion') %}
+{% set VERSION = salt['pillar.get']('global:soversion') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{%- set MANAGERIP = salt['pillar.get']('static:managerip') -%}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
 . /usr/sbin/so-common
--- a/salt/common/tools/sbin/so-kibana-config-export
+++ b/salt/common/tools/sbin/so-kibana-config-export
@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+# {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-# {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
+# {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
-# {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', '') %}
+# {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
 # {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 #
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -111,6 +111,7 @@ update_dockers() {
      "so-kibana" \
      "so-kratos" \
      "so-logstash" \
      "so-minio" \
      "so-mysql" \
      "so-nginx" \
      "so-pcaptools" \
@@ -159,7 +160,7 @@ update_version() {
  # Update the version to the latest
  echo "Updating the Security Onion version file."
  echo $NEWVERSION > /etc/soversion
-  sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls
+  sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/global.sls
 }
 upgrade_check() {
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,5 +1,5 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %}
 # Curator
--- a/salt/deprecated-launcher/init.sls
+++ b/salt/deprecated-launcher/init.sls
@@ -1,4 +1,4 @@
-{%- set FLEETSETUP = salt['pillar.get']('static:fleetsetup', '0') -%}
+{%- set FLEETSETUP = salt['pillar.get']('global:fleetsetup', '0') -%}
 {%- if FLEETSETUP != 0 %}
 launcherpkg:
--- a/salt/domainstats/init.sls
+++ b/salt/domainstats/init.sls
@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 # Create the group
 dstatsgroup:
--- a/salt/elastalert/files/rules/so/suricata_thehive.yaml
+++ b/salt/elastalert/files/rules/so/suricata_thehive.yaml
@@ -1,6 +1,6 @@
-{% set es = salt['pillar.get']('static:managerip', '') %}
+{% set es = salt['pillar.get']('global:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:managerip', '') %}
+{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
+{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 {% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 # Elastalert rule to forward Suricata alerts from Security Onion to a specified TheHive instance.
--- a/salt/elastalert/files/rules/so/wazuh_thehive.yaml
+++ b/salt/elastalert/files/rules/so/wazuh_thehive.yaml
@@ -1,6 +1,6 @@
-{% set es = salt['pillar.get']('static:managerip', '') %}
+{% set es = salt['pillar.get']('global:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:managerip', '') %}
+{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
+{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 {% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 # Elastalert rule to forward high level Wazuh alerts from Security Onion to a specified TheHive instance.
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -6,11 +6,11 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
-{%- set ZEEKVER = salt['pillar.get']('static:zeekversion', 'COMMUNITY') %}
+{%- set ZEEKVER = salt['pillar.get']('global:zeekversion', 'COMMUNITY') %}
-{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %}
+{%- set WAZUHENABLED = salt['pillar.get']('global:wazuh', '0') %}
 {%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
-{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%}
 name: {{ HOSTNAME }}
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -11,10 +11,10 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
  {% set FEATURES = "-features" %}
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -15,6 +15,7 @@ role:
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.fleet_api }}
              - {{ portgroups.cortex }}
@@ -38,6 +39,7 @@ role:
          search_node:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
@@ -99,6 +101,7 @@ role:
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.fleet_api }}
              - {{ portgroups.cortex }}
@@ -122,6 +125,7 @@ role:
          search_node:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
@@ -180,6 +184,7 @@ role:
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.fleet_api }}
              - {{ portgroups.cortex }}
@@ -203,6 +208,7 @@ role:
          search_node:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
@@ -261,6 +267,7 @@ role:
              - {{ portgroups.mysql }}
              - {{ portgroups.kibana }}
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.influxdb }}
              - {{ portgroups.fleet_api }}
              - {{ portgroups.cortex }}
@@ -284,6 +291,7 @@ role:
          search_node:
            portgroups:
              - {{ portgroups.redis }}
              - {{ portgroups.minio }}
              - {{ portgroups.elasticsearch_node }}
          self:
            portgroups:
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -45,6 +45,9 @@ firewall:
      kibana:
        tcp:
          - 5601
      minio:
        tcp:
          - 9595
      mysql:
        tcp:
          - 3306
--- a/salt/fleet/event_gen-packages.sls
+++ b/salt/fleet/event_gen-packages.sls
@@ -1,10 +1,10 @@
 {% set MANAGER = salt['grains.get']('master') %}
 {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
-{% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
+{% set CURRENTPACKAGEVERSION = salt['pillar.get']('global:fleet_packages-version') %}
-{% set VERSION = salt['pillar.get']('static:soversion') %}
+{% set VERSION = salt['pillar.get']('global:soversion') %}
-{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{%- set FLEETNODE = salt['pillar.get']('static:fleet_node') -%}
+{%- set FLEETNODE = salt['pillar.get']('global:fleet_node') -%}
 {% if CUSTOM_FLEET_HOSTNAME != None and CUSTOM_FLEET_HOSTNAME != '' %}
   {% set HOSTNAME =  CUSTOM_FLEET_HOSTNAME  %}
--- a/salt/fleet/event_update-custom-hostname.sls
+++ b/salt/fleet/event_update-custom-hostname.sls
@@ -1,4 +1,4 @@
-{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 so/fleet:
  event.send:
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -1,8 +1,8 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
 {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
@@ -10,7 +10,7 @@
  {% set MAININT = salt['pillar.get']('host:mainint') %}
  {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
-  {% set MAINIP = salt['pillar.get']('static:managerip') %}
+  {% set MAINIP = salt['pillar.get']('global:managerip') %}
 {% endif %}
 include:
--- a/salt/fleet/install_package.sls
+++ b/salt/fleet/install_package.sls
@@ -1,8 +1,8 @@
-{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%}
-{%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
+{%- set FLEETHOSTNAME = salt['pillar.get']('global:fleet_hostname', False) -%}
-{%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}
+{%- set FLEETIP = salt['pillar.get']('global:fleet_ip', False) -%}
-{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 {% if CUSTOM_FLEET_HOSTNAME != (None and '') %}
--- a/salt/freqserver/init.sls
+++ b/salt/freqserver/init.sls
@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 # Create the user
 fservergroup:
--- a/salt/grafana/etc/datasources/influxdb.yaml
+++ b/salt/grafana/etc/datasources/influxdb.yaml
@@ -1,4 +1,4 @@
-{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGER = salt['pillar.get']('global:managerip', '') %}
 apiVersion: 1
 deleteDatasources:
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -1,7 +1,7 @@
 {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # IDSTools Setup
 idstoolsdir:
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -1,7 +1,7 @@
 {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -1,6 +1,6 @@
 #!/bin/bash
-# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+# {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-# {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
+# {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
 # {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
 KIBANA_VERSION="7.6.1"
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -1,5 +1,5 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
@@ -127,7 +127,7 @@ importdir:
 # Create the logstash data directory
 nsmlsdir:
  file.directory:
-    - name: /nsm/logstash
+    - name: /nsm/logstash/tmp
    - user: 931
    - group: 939
    - makedirs: True
@@ -148,6 +148,7 @@ so-logstash:
    - user: logstash
    - environment:
      - LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }}
      - SSL_CERT_FILE=/etc/ssl/certs/ca.crt
    - port_bindings:
 {% for BINDING in DOCKER_OPTIONS.port_bindings %}
      - {{ BINDING }}
@@ -166,6 +167,7 @@ so-logstash:
      - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
      - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
      - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
      - /etc/ssl/certs/intca.crt:/etc/ssl/certs/ca.crt:ro
      {%- if grains['role'] == 'so-eval' %}
      - /nsm/zeek:/nsm/zeek:ro
      - /nsm/suricata:/suricata:ro
--- a/salt/logstash/pipelines/config/so/0899_input_minio.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0899_input_minio.conf.jinja
@@ -0,0 +1,23 @@
 {%- if grains.role == 'so-heavynode' %}
 {%- set MANAGER = salt['grains.get']('host') %}
 {%- else %}
 {%- set MANAGER = salt['grains.get']('master') %}
 {% endif -%}
 {%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
 {%- set access_key = salt['pillar.get']('minio:access_key', '') %}
 {%- set access_secret = salt['pillar.get']('minio:access_secret', '') %}
 {%- set INTERVAL = salt['pillar.get']('s3_settings:interval', 5) %}
 input {
 	s3 {
        access_key_id => "{{ access_key }}"
        secret_access_key => "{{ access_secret }}"
        endpoint => "https://{{ MANAGER }}:9595"
        bucket => "logstash"
        delete => true
        interval => {{ INTERVAL }}
        codec => json
        additional_settings => {
            "force_path_style" => true
            }
    }
 }
--- a/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0900_input_redis.conf.jinja
@@ -1,7 +1,7 @@
 {%- if grains.role == 'so-heavynode' %}
 {%- set MANAGER = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- else %}
-{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGER = salt['pillar.get']('global:managerip', '') %}
 {% endif -%}
 {%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
--- a/salt/logstash/pipelines/config/so/9998_output_minio.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9998_output_minio.conf.jinja
@@ -0,0 +1,22 @@
 {%- set MANAGER = salt['grains.get']('master') %}
 {%- set access_key = salt['pillar.get']('minio:access_key', '') %}
 {%- set access_secret = salt['pillar.get']('minio:access_secret', '') %}
 {%- set SIZE_FILE = salt['pillar.get']('s3_settings:size_file', 2048) %}
 {%- set TIME_FILE = salt['pillar.get']('s3_settings:time_file', 1) %}
 {%- set ENCODING = salt['pillar.get']('s3_settings:encoding', 'gzip') %}
 output {
 	s3 {
 		access_key_id => "{{ access_key }}"
        secret_access_key => "{{ access_secret}}"
        endpoint => "https://{{ MANAGER }}:9595"
        bucket => "logstash"
        size_file => {{ SIZE_FILE }}
        time_file => {{ TIME_FILE }}
        codec => json
        encoding => {{ ENCODING }}
        temporary_directory => "/usr/share/logstash/data/tmp"
        additional_settings => {
            "force_path_style" => true
            }
 	}
 }
--- a/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9999_output_redis.conf.jinja
@@ -1,4 +1,4 @@
-{% set MANAGER = salt['pillar.get']('static:managerip', '') %}
+{% set MANAGER = salt['pillar.get']('global:managerip', '') %}
 {% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}
 output {
 	redis {
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -12,10 +12,10 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set managerproxy = salt['pillar.get']('static:managerupdate', '0') %}
+{% set managerproxy = salt['pillar.get']('global:managerupdate', '0') %}
 socore_own_saltstack:
  file.directory:
--- a/salt/minio/init.sls
+++ b/salt/minio/init.sls
@@ -13,47 +13,47 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set access_key = salt['pillar.get']('manager:access_key', '') %}
+{% set access_key = salt['pillar.get']('minio:access_key', '') %}
-{% set access_secret = salt['pillar.get']('manager:access_secret', '') %}
+{% set access_secret = salt['pillar.get']('minio:access_secret', '') %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # Minio Setup
 minioconfdir:
  file.directory:
-    - name: /opt/so/conf/minio/etc
+    - name: /opt/so/conf/minio/etc/certs
    - user: 939
    - group: 939
    - makedirs: True
 miniodatadir:
  file.directory:
-    - name: /nsm/minio/data
+    - name: /nsm/minio/data/
    - user: 939
    - group: 939
    - makedirs: True
-#redisconfsync:
+logstashbucket:
-#  file.recurse:
+  file.directory:
-#    - name: /opt/so/conf/redis/etc
+    - name: /nsm/minio/data/logstash
-#    - source: salt://redis/etc
+    - user: 939
-#    - user: 939
+    - group: 939
-#    - group: 939
+    - makedirs: True
 #    - template: jinja
-minio/minio:
+so-minio:
  docker_image.present
 minio:
  docker_container.running:
-    - image: minio/minio
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-minio:{{ VERSION }}
    - hostname: so-minio
    - user: socore
    - port_bindings:
-      - 0.0.0.0:9000:9000
+      - 0.0.0.0:9595:9595
    - environment:
      - MINIO_ACCESS_KEY: {{ access_key }}
      - MINIO_SECRET_KEY: {{ access_secret }}
    - binds:
      - /nsm/minio/data:/data:rw
-      - /opt/so/conf/minio/etc:/root/.minio:rw
+      - /opt/so/conf/minio/etc:/.minio:rw
-    - entrypoint: "/usr/bin/docker-entrypoint.sh server /data"
+      - /etc/pki/minio.key:/.minio/certs/private.key:ro
-    - network_mode: so-elastic-net
+      - /etc/pki/minio.crt:/.minio/certs/public.crt:ro
    - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data"
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,7 +1,7 @@
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %}
 {% set FLEETARCH = salt['grains.get']('role') %}
@@ -10,7 +10,7 @@
  {% set MAININT = salt['pillar.get']('host:mainint') %}
  {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% else %}
-  {% set MAINIP = salt['pillar.get']('static:managerip') %}
+  {% set MAINIP = salt['pillar.get']('global:managerip') %}
 {% endif %}
 # MySQL Setup
--- a/salt/nginx/etc/nginx.conf.so-eval
+++ b/salt/nginx/etc/nginx.conf.so-eval
@@ -1,7 +1,7 @@
 {%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
-{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
-{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
--- a/salt/nginx/etc/nginx.conf.so-manager
+++ b/salt/nginx/etc/nginx.conf.so-manager
@@ -1,7 +1,7 @@
 {%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
-{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
-{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
--- a/salt/nginx/etc/nginx.conf.so-managersearch
+++ b/salt/nginx/etc/nginx.conf.so-managersearch
@@ -1,7 +1,7 @@
 {%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
-{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
-{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
--- a/salt/nginx/etc/nginx.conf.so-standalone
+++ b/salt/nginx/etc/nginx.conf.so-standalone
@@ -1,7 +1,7 @@
 {%- set managerip = salt['pillar.get']('manager:mainip', '') %}
-{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
-{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
-{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
--- a/salt/nginx/files/navigator_config.json
+++ b/salt/nginx/files/navigator_config.json
@@ -1,4 +1,4 @@
-{%- set ip = salt['pillar.get']('static:managerip', '') %}
+{%- set ip = salt['pillar.get']('global:managerip', '') %}
 {
    "enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -1,8 +1,8 @@
-{% set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) %}
+{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
-{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
+{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 # Drop the correct nginx config based on role
 nginxconfdir:
--- a/salt/nodered/files/nodered_load_flows
+++ b/salt/nodered/files/nodered_load_flows
@@ -1,4 +1,4 @@
-{%- set ip = salt['pillar.get']('static:managerip', '') -%}
+{%- set ip = salt['pillar.get']('global:managerip', '') -%}
 #!/bin/bash
 default_salt_dir=/opt/so/saltstack/default
--- a/salt/nodered/files/so_flows.json
+++ b/salt/nodered/files/so_flows.json
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
@@ -13,7 +13,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 # Create the nodered group
 noderedgroup:
--- a/salt/pcap/files/sensoroni.json
+++ b/salt/pcap/files/sensoroni.json
@@ -1,5 +1,5 @@
 {%- set MANAGER = salt['grains.get']('master') -%}
-{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
+{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
 {%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
 {
  "logFilename": "/opt/sensoroni/logs/sensoroni.log",
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,6 +1,6 @@
 {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -10,7 +10,7 @@ def run():
  MINIONID = data['id']
  ACTION = data['data']['action']
  LOCAL_SALT_DIR = "/opt/so/saltstack/local"
-  STATICFILE = f"{LOCAL_SALT_DIR}/pillar/static.sls"  
+  STATICFILE = f"{LOCAL_SALT_DIR}/pillar/global.sls"  
  SECRETSFILE = f"{LOCAL_SALT_DIR}/pillar/secrets.sls"
  if MINIONID.split('_')[-1] in ['manager','eval','fleet','managersearch','standalone']:
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -12,8 +12,8 @@
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # Redis Setup
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -1,5 +1,5 @@
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%}
-{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
+{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
 {
  "logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
  "server": {
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -1,5 +1,5 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 socdir:
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,6 +1,6 @@
 {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
-{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
+{%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
-{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
+{%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 [es]
 es_url = http://{{MANAGER}}:9200
--- a/salt/soctopus/files/templates/es-generic.template
+++ b/salt/soctopus/files/templates/es-generic.template
@@ -1,4 +1,4 @@
-{% set ES = salt['pillar.get']('static:managerip', '') %}
+{% set ES = salt['pillar.get']('global:managerip', '') %}
 alert: modules.so.playbook-es.PlaybookESAlerter
 elasticsearch_host: "{{ ES }}:9200"
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,6 +1,6 @@
-{% set es = salt['pillar.get']('static:managerip', '') %}
+{% set es = salt['pillar.get']('global:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:managerip', '') %}
+{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
+{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert: hivealerter
 hive_connection:
--- a/salt/soctopus/files/templates/osquery.template
+++ b/salt/soctopus/files/templates/osquery.template
@@ -1,6 +1,6 @@
-{% set es = salt['pillar.get']('static:managerip', '') %}
+{% set es = salt['pillar.get']('global:managerip', '') %}
-{% set hivehost = salt['pillar.get']('static:managerip', '') %}
+{% set hivehost = salt['pillar.get']('global:managerip', '') %}
-{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
+{% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert: hivealerter
 hive_connection:
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,8 +1,8 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %}
-{%- set MANAGER_IP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGER_IP = salt['pillar.get']('global:managerip', '') %}
 soctopusdir:
  file.directory:
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -1,11 +1,11 @@
 {% set manager = salt['grains.get']('master') %}
-{% set managerip = salt['pillar.get']('static:managerip', '') %}
+{% set managerip = salt['pillar.get']('global:managerip', '') %}
 {% set HOSTNAME = salt['grains.get']('host') %}
 {% set global_ca_text = [] %}
 {% set global_ca_server = [] %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
-{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone'] %}
    {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
@@ -181,6 +181,41 @@ regkeyperms:
    - mode: 640
    - group: 939
 /etc/pki/minio.key:
  x509.private_key_managed:
    - CN: {{ manager }}
    - bits: 4096
    - days_remaining: 0
    - days_valid: 820
    - backup: True
    - new: True
    {% if salt['file.file_exists']('/etc/pki/minio.key') -%}
    - prereq:
      - x509: /etc/pki/minio.crt
    {%- endif %}
 # Create a cert for the docker registry
 /etc/pki/minio.crt:
  x509.certificate_managed:
    - ca_server: {{ ca_server }}
    - signing_policy: registry
    - public_key: /etc/pki/minio.key
    - CN: {{ manager }}
    - days_remaining: 0
    - days_valid: 820
    - backup: True
    - unless:
      # https://github.com/saltstack/salt/issues/52167
      # Will trigger 5 days (432000 sec) from cert expiration
      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/minio.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
 miniokeyperms:
  file.managed:
    - replace: False
    - name: /etc/pki/minio.key
    - mode: 640
    - group: 939
 /etc/pki/managerssl.key:
  x509.private_key_managed:
    - CN: {{ manager }}
--- a/salt/strelka/files/backend/backend.yaml
+++ b/salt/strelka/files/backend/backend.yaml
@@ -2,7 +2,7 @@
  {%- set mainint = salt['pillar.get']('sensor:mainint') %}
  {%- set ip = salt['grains.get']('ip_interfaces:' ~ mainint[0], salt['pillar.get']('sensor:mainip')) %}
 {%- else %}
-  {%- set ip = salt['pillar.get']('static:managerip') %}
+  {%- set ip = salt['pillar.get']('global:managerip') %}
 {%- endif -%}
 logging_cfg: '/etc/strelka/logging.yaml'
 limits:
--- a/salt/strelka/files/filestream/filestream.yaml
+++ b/salt/strelka/files/filestream/filestream.yaml
@@ -2,7 +2,7 @@
  {%- set mainint = salt['pillar.get']('sensor:mainint') %}
  {%- set ip = salt['grains.get']('ip_interfaces:' ~ mainint[0], salt['pillar.get']('sensor:mainip')) %}
 {%- else %}
-  {%- set ip = salt['pillar.get']('static:managerip') %}
+  {%- set ip = salt['pillar.get']('global:managerip') %}
 {%- endif -%}
 conn:
  server: '{{ ip }}:57314'
--- a/salt/strelka/files/frontend/frontend.yaml
+++ b/salt/strelka/files/frontend/frontend.yaml
@@ -2,7 +2,7 @@
  {%- set mainint = salt['pillar.get']('sensor:mainint') %}
  {%- set ip = salt['grains.get']('ip_interfaces:' ~ mainint[0], salt['pillar.get']('sensor:mainip')) %}
 {%- else %}
-  {%- set ip = salt['pillar.get']('static:managerip') %}
+  {%- set ip = salt['pillar.get']('global:managerip') %}
 {%- endif -%}
 server: ":57314"
 coordinator:
--- a/salt/strelka/files/manager/manager.yaml
+++ b/salt/strelka/files/manager/manager.yaml
@@ -2,7 +2,7 @@
  {%- set mainint = salt['pillar.get']('sensor:mainint') %}
  {%- set ip = salt['grains.get']('ip_interfaces:' ~ mainint[0], salt['pillar.get']('sensor:mainip')) %}
 {%- else %}
-  {%- set ip = salt['pillar.get']('static:managerip') %}
+  {%- set ip = salt['pillar.get']('global:managerip') %}
 {%- endif -%}
 coordinator:
  addr: '{{ ip }}:6380'
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -13,9 +13,9 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {%- set MANAGER = salt['grains.get']('master') %}
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%}
 # Strelka config
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -14,9 +14,9 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
-{% set ZEEKVER = salt['pillar.get']('static:zeekversion', '') %}
+{% set ZEEKVER = salt['pillar.get']('global:zeekversion', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
 {% set BPF_STATUS = 0  %}
--- a/salt/suricata/suricata_config.map.jinja
+++ b/salt/suricata/suricata_config.map.jinja
@@ -11,7 +11,7 @@ HOME_NET: "[{{salt['pillar.get']('sensor:hnsensor')}}]"
  {% endload %}
 {% else %}
  {% load_yaml as homenet %}
-HOME_NET: "[{{salt['pillar.get']('static:hnmanager', '')}}]"
+HOME_NET: "[{{salt['pillar.get']('global:hnmanager', '')}}]"
  {% endload %}
 {% endif %}
@@ -44,7 +44,7 @@ HOME_NET: "[{{salt['pillar.get']('static:hnmanager', '')}}]"
 {% endfor %}
 {% set surimeta_evelog_index = surimeta_evelog_index[0] %}
-{% if salt['pillar.get']('static:zeekversion', 'ZEEK') == 'SURICATA' %}
+{% if salt['pillar.get']('global:zeekversion', 'ZEEK') == 'SURICATA' %}
  {% do suricata_defaults.suricata.config.outputs[default_evelog_index]['eve-log'].types.extend(suricata_meta.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %}
 {% endif %}
--- a/salt/tcpreplay/init.sls
+++ b/salt/tcpreplay/init.sls
@@ -1,6 +1,6 @@
 {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 so-tcpreplay:
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -1,6 +1,6 @@
 {% set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 # Add Telegraf to monitor all the things.
 tgraflogdir:
--- a/salt/thehive/etc/application.conf
+++ b/salt/thehive/etc/application.conf
@@ -1,6 +1,6 @@
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
+{%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
-{%- set HIVEPLAYSECRET = salt['pillar.get']('static:hiveplaysecret', '') %}
+{%- set HIVEPLAYSECRET = salt['pillar.get']('global:hiveplaysecret', '') %}
 # Secret Key
 # The secret key is used to secure cryptographic functions.
--- a/salt/thehive/etc/cortex-application.conf
+++ b/salt/thehive/etc/cortex-application.conf
@@ -1,5 +1,5 @@
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-{%- set CORTEXPLAYSECRET = salt['pillar.get']('static:cortexplaysecret', '') %}
+{%- set CORTEXPLAYSECRET = salt['pillar.get']('global:cortexplaysecret', '') %}
 # Secret Key
 # The secret key is used to secure cryptographic functions.
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -1,6 +1,6 @@
 {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 thehiveconfdir:
  file.directory:
--- a/salt/thehive/scripts/cortex_init
+++ b/salt/thehive/scripts/cortex_init
@@ -1,18 +1,18 @@
 #!/bin/bash
-# {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+# {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-# {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', 'cortexadmin') %}
+# {%- set CORTEXUSER = salt['pillar.get']('global:cortexuser', 'cortexadmin') %}
-# {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', 'cortexchangeme') %}
+# {%- set CORTEXPASSWORD = salt['pillar.get']('global:cortexpassword', 'cortexchangeme') %}
-# {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %}
+# {%- set CORTEXKEY = salt['pillar.get']('global:cortexkey', '') %}
-# {%- set CORTEXORGNAME = salt['pillar.get']('static:cortexorgname', '') %}
+# {%- set CORTEXORGNAME = salt['pillar.get']('global:cortexorgname', '') %}
-# {%- set CORTEXORGUSER = salt['pillar.get']('static:cortexorguser', 'soadmin') %}
+# {%- set CORTEXORGUSER = salt['pillar.get']('global:cortexorguser', 'soadmin') %}
-# {%- set CORTEXORGUSERKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
+# {%- set CORTEXORGUSERKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 default_salt_dir=/opt/so/saltstack/default
 cortex_clean(){
-    sed -i '/^  cortexuser:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  cortexuser:/d' /opt/so/saltstack/local/pillar/global.sls
-    sed -i '/^  cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  cortexpassword:/d' /opt/so/saltstack/local/pillar/global.sls
-    sed -i '/^  cortexorguser:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  cortexorguser:/d' /opt/so/saltstack/local/pillar/global.sls
 }
 cortex_init(){
--- a/salt/thehive/scripts/hive_init
+++ b/salt/thehive/scripts/hive_init
@@ -1,12 +1,12 @@
 #!/bin/bash
-# {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+# {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-# {%- set THEHIVEUSER = salt['pillar.get']('static:hiveuser', 'hiveadmin') %}
+# {%- set THEHIVEUSER = salt['pillar.get']('global:hiveuser', 'hiveadmin') %}
-# {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %}
+# {%- set THEHIVEPASSWORD = salt['pillar.get']('global:hivepassword', 'hivechangeme') %}
-# {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %}
+# {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
 thehive_clean(){
-    sed -i '/^  hiveuser:/d' /opt/so/saltstack/local/pillar/static.sls
+    sed -i '/^  hiveuser:/d' /opt/so/saltstack/local/pillar/global.sls
-    sed -i '/^  hivepassword:/d' /opt/so/saltstack/local/pillar/static.sls 
+    sed -i '/^  hivepassword:/d' /opt/so/saltstack/local/pillar/global.sls 
 }
 thehive_init(){
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -1,11 +1,11 @@
-{%- set ZEEKVER = salt['pillar.get']('static:zeekversion', '') -%}
+{%- set ZEEKVER = salt['pillar.get']('global:zeekversion', '') -%}
-{%- set WAZUH = salt['pillar.get']('static:wazuh', '0') -%}
+{%- set WAZUH = salt['pillar.get']('global:wazuh', '0') -%}
 {%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') -%}
 {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') -%}
 {%- set FREQSERVER = salt['pillar.get']('manager:freq', '0') -%}
 {%- set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') -%}
-{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
+{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
-{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%}
 {%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
 {% import_yaml 'salt/minion.defaults.yaml' as salt %}
 {% set saltversion = salt.salt.minion.version %}
@@ -142,7 +142,6 @@ base:
    - manager
    - idstools
    - suricata.manager
    - redis
    {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %}
    - mysql
    {%- endif %}
@@ -150,6 +149,8 @@ base:
    - wazuh
    {%- endif %}
    - logstash
    - minio
    - redis
    - kibana
    - elastalert
    - filebeat
@@ -158,6 +159,7 @@ base:
    {%- if FLEETMANAGER or FLEETNODE %}
    - fleet
    - fleet.install_package
    - redis
    {%- endif %}
    - soctopus
    {%- if THEHIVE != 0 %}
@@ -189,7 +191,6 @@ base:
    - idstools
    - suricata.manager    
    - healthcheck
    - redis
    {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %}
    - mysql
    {%- endif %}
@@ -197,6 +198,7 @@ base:
    - wazuh
    {%- endif %}
    - logstash
    - minio
    - kibana
    - pcap
    - suricata
@@ -312,7 +314,7 @@ base:
    - manager
    - idstools
    - suricata.manager
-    - redis
+    - minio
    {%- if FLEETMANAGER or FLEETNODE or PLAYBOOK != 0 %}
    - mysql
    {%- endif %}
@@ -328,6 +330,7 @@ base:
    - schedule
    {%- if FLEETMANAGER or FLEETNODE %}
    - fleet
    - redis
    - fleet.install_package
    {%- endif %}
    - soctopus
@@ -351,7 +354,7 @@ base:
    - common
    - telegraf
    - firewall
-    - redis
+    - minio
    {%- if WAZUH != 0 %}
    - wazuh
    {%- endif %}
@@ -360,6 +363,7 @@ base:
    - filebeat
    {%- if FLEETMANAGER or FLEETNODE %}
    - fleet.install_package
    - redis
    {%- endif %}
    - pcap
    - suricata
--- a/salt/wazuh/files/agent/ossec.conf
+++ b/salt/wazuh/files/agent/ossec.conf
@@ -1,5 +1,5 @@
 {%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set ip = salt['pillar.get']('static:managerip', '') %}
+  {%- set ip = salt['pillar.get']('global:managerip', '') %}
 {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
  {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- elif grains['role'] == 'so-sensor' %}
--- a/salt/wazuh/files/agent/wazuh-register-agent
+++ b/salt/wazuh/files/agent/wazuh-register-agent
@@ -1,5 +1,5 @@
 {%- if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %}
-  {%- set ip = salt['pillar.get']('static:managerip', '') %}
+  {%- set ip = salt['pillar.get']('global:managerip', '') %}
 {%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
  {%- set ip = salt['pillar.get']('elasticsearch:mainip', '') %}
 {%- elif grains['role'] == 'so-sensor' %}
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -1,5 +1,5 @@
-{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
-{%- set WAZUH_ENABLED = salt['pillar.get']('static:wazuh', '0') %}
+{%- set WAZUH_ENABLED = salt['pillar.get']('global:wazuh', '0') %}
 #!/bin/bash
 local_salt_dir=/opt/so/saltstack/local
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,6 +1,6 @@
 {%- set HOSTNAME = salt['grains.get']('host', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 # Add ossec group
 ossecgroup:
--- a/salt/yum/etc/yum.conf.jinja
+++ b/salt/yum/etc/yum.conf.jinja
@@ -11,6 +11,6 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
 distroverpkg=centos-release
-{% if salt['pillar.get']('static:managerupdate', '0') %}
+{% if salt['pillar.get']('global:managerupdate', '0') %}
 proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142
 {% endif %}
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,5 +1,5 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
-{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %}
+{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
 {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
 {% set BPF_STATUS = 0  %}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -789,6 +789,7 @@ docker_seed_registry() {
 				"so-grafana:$VERSION" \
 				"so-influxdb:$VERSION" \
 				"so-kibana:$VERSION" \
 				"so-minio:$VERSION" \
 				"so-mysql:$VERSION" \
 				"so-pcaptools:$VERSION" \
 				"so-playbook:$VERSION" \
@@ -1006,8 +1007,8 @@ manager_pillar() {
 	cat "$pillar_file" >> "$setup_log" 2>&1
  }
-manager_static() {
+manager_global() {
-	local static_pillar="$local_salt_dir/pillar/static.sls"
+	local global_pillar="$local_salt_dir/pillar/global.sls"
 	if [ -z "$SENSOR_CHECKIN_INTERVAL_MS" ]; then
 		SENSOR_CHECKIN_INTERVAL_MS=10000
@@ -1016,9 +1017,9 @@ manager_static() {
 		fi
 	fi
-	# Create a static file for global values
+	# Create a global file for global values
 	printf '%s\n'\
-		"static:"\
+		"global:"\
 		"  soversion: $SOVERSION"\
 		"  hnmanager: $HNMANAGER"\
 		"  ntpserver: $NTPSERVER"\
@@ -1048,6 +1049,7 @@ manager_static() {
 		"  wazuh: $WAZUH"\
        "  managerupdate: $MANAGERUPDATES"\
 		"  imagerepo: $IMAGEREPO"\
 		"  pipeline: minio"\
 		"pcap:"\
 		"  sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
 		"strelka:"\
@@ -1117,10 +1119,18 @@ manager_static() {
 		"      shards: 5"\
 		"      warm: 7"\
 		"      close: 365"\
-		"      delete: 45" > "$static_pillar"
+		"      delete: 45"\
-
+		"minio:"\
 		"  access_key: $ACCESS_KEY"\
 		"  access_secret: $ACCESS_SECRET"\
 		"s3_settings:"\ 
 		"  size_file: 2048"\
 		"  time_file: 1"\
 		"  encoding: gzip"\
 		"  interval: 5" > "$global_pillar"
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
-	cat "$static_pillar" >> "$setup_log" 2>&1
+	cat "$global_pillar" >> "$setup_log" 2>&1
 }
 minio_generate_keys() {
@@ -1520,10 +1530,6 @@ sensor_pillar() {
 	if [ "$HNSENSOR" != 'inherit' ]; then
 		echo "  hnsensor: $HNSENSOR" >> "$pillar_file"
 	fi
 	printf '%s\n'\
 		"  access_key: $ACCESS_KEY"\
 		"  access_secret: $ACCESS_SECRET"\
 		"" >> "$pillar_file"
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 	cat "$pillar_file" >> "$setup_log" 2>&1
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -428,8 +428,9 @@ fi
 		set_progress_str 11 'Updating sudoers file for soremote user'
 		update_sudoers >> $setup_log 2>&1
-		set_progress_str 12 'Generating manager static pillar'
+		set_progress_str 12 'Generating manager global pillar'
-		manager_static >> $setup_log 2>&1
+		minio_generate_keys
 		manager_global >> $setup_log 2>&1
 		set_progress_str 13 'Generating manager pillar'
 		manager_pillar >> $setup_log 2>&1
@@ -571,7 +572,7 @@ fi
 		if [[ $is_fleet_standalone && $FLEETCUSTOMHOSTNAME != '' ]]; then
 			set_progress_str 77 "$(print_salt_state_apply 'fleet.event_update-custom-hostname')"
-			pillar_override="{\"static\":{\"fleet_custom_hostname\": \"$FLEETCUSTOMHOSTNAME\"}}"
+			pillar_override="{\"global\":{\"fleet_custom_hostname\": \"$FLEETCUSTOMHOSTNAME\"}}"
 			salt-call state.apply -l info fleet.event_update-custom-hostname pillar="$pillar_override" >> $setup_log 2>&1
 		fi