diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 32e7728a9..357614efb 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -22,13 +22,17 @@ got_root() {
 got_root
 if [[ $# < 1 || $# > 2 ]]; then
- echo "Usage: $0 [email]"
+ echo "Usage: $0 [email]"
 echo ""
 echo " list: Lists all user email addresses currently defined in the identity system"
 echo " add: Adds a new user to the identity system; requires 'email' parameter"
 echo " update: Updates a user's password; requires 'email' parameter"
 echo " delete: Deletes an existing user; requires 'email' parameter"
 echo " validate: Validates that the given email address and password are acceptable for defining a new user; requires 'email' parameter"
+ echo " valemail: Validates that the given email address is acceptable for defining a new user; requires 'email' parameter"
+ echo " valpass: Validates that a password is acceptable for defining a new user"
+ echo ""
+ echo " Note that the password can be piped into stdin to avoid prompting for it."
 exit 1
 fi
@@ -211,6 +215,16 @@ case "${operation}" in
 "validate")
 validateEmail "$email"
+ updatePassword
+ echo "Email and password are acceptable"
+ ;;
+
+ "valemail")
+ validateEmail "$email"
+ echo "Email is acceptable"
+ ;;
+
+ "valpass")
 updatePassword
 echo "Password is acceptable"
 ;;
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 3be56233e..50dab6d2f 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -179,7 +179,8 @@ filebeat.inputs:
 close_removed: false
 {%- endif %}
-#----------------------------- Logstash output ---------------------------------
+#----------------------------- Elasticsearch/Logstash output ---------------------------------
+{%- if grains['role'] == "so-eval" %}
 output.elasticsearch:
 enabled: true
 hosts: ["{{ MASTER }}:9200"]
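Review bot: In the `case "${operation}"` hunk of so-user, the validation-only operations `validate` and `valpass` call `updatePassword`, a helper whose name implies a write to the identity store. Its body is outside the hunk, so it is not visible whether it skips the update when no identity id is passed; if it does, a comment such as `# no identity id is passed, so updatePassword only reads and checks the password` above the `valpass` call would record that, or the check could move into a separate `validatePassword` helper. The three success messages are also printed unconditionally, which is only correct if `validateEmail` and `updatePassword` exit the script on failure rather than return; that should be confirmed.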
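Review bot: The new `so-eval` branch in filebeat.yml ships events to `output.elasticsearch` at `hosts: ["{{ MASTER }}:9200"]`, and a host written without a scheme makes Filebeat use plain HTTP, while the `ssl.*` settings this commit enables sit only in the `output.logstash` branch. The lines between this hunk and the next are not shown, so the Elasticsearch output may already set `protocol` and `ssl` options; if it does not, eval nodes send logs unencrypted and without verifying the server. Either add `protocol: "https"` with `ssl.certificate_authorities` to that output, or, if eval traffic never leaves the host, say so in a comment next to the `{%- if grains['role'] == "so-eval" %}` line.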
@@ -202,12 +203,15 @@ output.elasticsearch:
 when.contains:
 module: "strelka"
-#output.logstash:
+setup.template.enabled: false
+{%- else %}
+
+output.logstash:
 # Boolean flag to enable or disable the output module.
- #enabled: true
+ enabled: true
 # The Logstash hosts
- #hosts: ["{{ MASTER }}:5644"]
+ hosts: ["{{ MASTER }}:5644"]
 # Number of workers per Logstash host.
 #worker: 1
@@ -222,21 +226,21 @@ output.elasticsearch:
 # and certificates will be accepted. In this mode, SSL based connections are
 # susceptible to man-in-the-middle attacks. Use only for testing. Default is
 # `full`.
- #ssl.verification_mode: full
+ ssl.verification_mode: full
 # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
 # 1.2 are enabled.
- #ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
+ ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
 # Optional SSL configuration options. SSL is off by default.
 # List of root certificates for HTTPS server verifications
- #ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
+ ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
 # Certificate for SSL client authentication
- #ssl.certificate: "/usr/share/filebeat/filebeat.crt"
+ ssl.certificate: "/usr/share/filebeat/filebeat.crt"
 # Client Certificate Key
- #ssl.key: "/usr/share/filebeat/filebeat.key"
+ ssl.key: "/usr/share/filebeat/filebeat.key"
 setup.template.enabled: false
 # A dictionary of settings to place into the settings.index dictionary
@@ -251,7 +255,7 @@ setup.template.enabled: false
 # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html
 #_source:
 #enabled: false
-
+{%- endif %}
 #============================== Kibana =====================================
 # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
diff --git a/salt/top.sls b/salt/top.sls
index 209faefd0..1dc06098e 100644
--- a/salt/top.sls
+++ b/salt/top.sls
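Review bot: In the `output.logstash` TLS block of filebeat.yml (hunk `@@ -222,21 +226,21 @@`), `ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]` is uncommented unchanged, which explicitly keeps TLS 1.0 and 1.1 negotiable on the log-shipping channel. Both versions are deprecated (RFC 8996), and both ends of this connection appear to be managed by the same deployment, so the list can be narrowed to `ssl.supported_protocols: [TLSv1.2]`. The comment above it ("By default all TLS versions 1.0 up to 1.2 are enabled") would then need a line saying the list is restricted on purpose.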
@@ -42,6 +42,9 @@ base:
 - zeek
 {%- endif %}
 - wazuh
+ {%- if STRELKA %}
+ - strelka
+ {%- endif %}
 - filebeat
 {%- if FLEETMASTER or FLEETNODE %}
 - fleet.install_package
diff --git a/setup/so-setup b/setup/so-setup
index 11bf5a1f7..5a386793b 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -306,7 +306,7 @@ if (whiptail_you_sure) ; then
 set_hostname
 set_version
 generate_passwords
- auth_pillar
+ secrets_pillar
 clear_master
 mkdir -p /nsm
 get_filesystem_root
@@ -586,7 +586,7 @@ if (whiptail_you_sure) ; then
 set_hostname
 set_version
 generate_passwords
- auth_pillar
+ secrets_pillar
 clear_master
 mkdir -p /nsm
 get_filesystem_root