diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 7c6e0655b..342b925a0 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -1,6 +1,7 @@
{%- set MASTER = grains['master'] %}
{%- set HOSTNAME = salt['grains.get']('host', '') %}
{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
+{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh_enabled', '1') %}
name: {{ HOSTNAME }}
@@ -36,16 +37,17 @@ filebeat.prospectors:
clean_removed: false
close_removed: false
+{%- if WAZUHENABLED == '1' %}
+ - type: log
paths:
- - /alerts/alerts.json
+ - /wazuh/alerts/alerts.json
fields:
type: ossec
fields_under_root: true
clean_removed: false
close_removed: false
- -
+{%- endif %}
#----------------------------- Logstash output ---------------------------------
output.logstash:
diff --git a/salt/top.sls b/salt/top.sls
index 05e027a84..413a120f6 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -33,6 +33,7 @@ base:
- utility
- schedule
- fleet
+ - wazuh
'G@role:so-master':
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index d034cab5c..a7f06ab33 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
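Review bot: `{%- if WAZUHENABLED == '1' %}` in the prospectors hunk compares the pillar value as a string, and the new `set` line in the first hunk of this file defaults it to the string `'1'`, so a pillar written as `wazuh_enabled: 1` (a YAML integer) fails the comparison and the ossec prospector silently drops out of the rendered filebeat.yml. Coercing before comparing, `{%- if WAZUHENABLED|string == '1' %}`, accepts both spellings. The new path `/wazuh/alerts/alerts.json` assumes the manager's data directory is mounted at `/wazuh` inside the filebeat container; this diff only binds `/opt/so/wazuh/` into the `so-wazuh` container, so that mount should be confirmed in the filebeat container state, which is not part of this change.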
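Review bot: `- wazuh` is added to the top file without a condition, while the filebeat template in this same commit ships Wazuh alerts only when `static:wazuh_enabled` is `'1'`, so a host with that pillar set to `0` still gets the manager container, the ossec users and the published 1514/55000 ports with nothing consuming its alerts. Wrapping the include in the same test, `{%- if salt['pillar.get']('static:wazuh_enabled', '1')|string == '1' %}` … `{%- endif %}`, or guarding `salt/wazuh/init.sls` the same way, keeps the two in step. The target that owns this list starts above the hunk, so which roles receive the state is not visible here.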
@@ -1,91 +1,55 @@ -# Create a state directory +{%- set HOSTNAME = salt['grains.get']('host', '') %} -statedir: - file.directory: - - name: /opt/so/state +#vm.max_map_count: +# sysctl.present: +# - value: 262144 -salttmp: - file.directory: - - name: /opt/so/tmp +# Add ossec Group +ossecgroup: + group.present: + - name: ossec + - gid: 945 -# Install packages needed for the sensor +# Add ossecm user +ossecm: + user.present: + - uid: 943 + - gid: 945 + - home: /opt/so/wazuh + - createhome: False -sensorpkgs: - pkg.installed: - - skip_suggestions: True - - pkgs: - - docker-ce - - python-docker +# Add ossecr user +ossecr: + user.present: + - uid: 944 + - gid: 945 + - home: /opt/so/wazuh + - createhome: False -# Always keep these packages up to date +# Add ossec user +ossec: + user.present: + - uid: 945 + - gid: 945 + - home: /opt/so/wazuh + - createhome: False -alwaysupdated: - pkg.latest: - - pkgs: - - openssl - - openssh-server - - bash - - skip_suggestions: True +# Add wazuh agent +wazuhpkgs: + pkg.installed: + - skip_suggestions: False + - pkgs: + - wazuh-agent -# Set time to UTC - -Etc/UTC: - timezone.system - -# Set up docker network -dockernet: - docker_network.present: - - name: so-elastic-net - - driver: bridge - -# Snag the so-core docker -toosmooth/so-core:test2: - docker_image.present - -# Drop the correct nginx config based on role - -nginxconfdir: - file.directory: - - name: /opt/so/conf/nginx - - user: 939 - - group: 939 - - makedirs: True - -nginxconf: - file.managed: - - name: /opt/so/conf/nginx/nginx.conf - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/nginx/nginx.conf.{{ grains.role }} - -nginxlogdir: - file.directory: - - name: /opt/so/log/nginx/ - - user: 939 - - group: 939 - -nginxtmp: - file.directory: - - name: /opt/so/tmp/nginx/tmp - - user: 939 - - group: 939 - - makedirs: True - -# Start the core docker -so-core: +so-wazuh: docker_container.running: - - image: toosmooth/so-core:test2 - - hostname: so-core - - user: 
socore - - binds: - - /opt/so:/opt/so:rw - - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - /opt/so/log/nginx/:/var/log/nginx:rw - - /opt/so/tmp/nginx/:/var/lib/nginx:rw - - /opt/so/tmp/nginx/:/run:rw - - network_mode: so-elastic-net - - cap_add: NET_BIND_SERVICE + - image: soshybridhunter/so-wazuh:HH1.0.5 + - hostname: {{HOSTNAME}}-wazuh-manager + - name: so-wazuh + - detach: True - port_bindings: - - 80:80 - - 443:443 + - 0.0.0.0:1514:1514 + - 0.0.0.0:55000:55000 + - binds: - - /opt/so/wazuh/:/var/ossec/data/:rw +
diff --git a/so-setup-network.sh b/so-setup-network.sh
index 240172838..6fe2222ae 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -75,20 +75,21 @@ add_socore_user_notmaster() {
}
-add_wazuh_users() {
+#add_wazuh_users() {
- if [ $OS == 'centos' ]; then
- local ADDUSER=adduser
- else
- local ADDUSER=useradd
- fi
+ # REMARKING FOR NOW -- ADDING VIA init.sls
+ #if [ $OS == 'centos' ]; then
+ # local ADDUSER=adduser
+ #else
+ # local ADDUSER=useradd
+ #fi
- groupadd --gid 945 ossec
- $ADDUSER --uid 943 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecm
- $ADDUSER --uid 944 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecr
- $ADDUSER --uid 945 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossec
+ #groupadd --gid 945 ossec
+ #$ADDUSER --uid 943 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecm
+ #$ADDUSER --uid 944 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecr
+ #$ADDUSER --uid 945 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossec
-}
+#}
# Enable Bro Logs
@@ -891,7 +892,7 @@ update_sudoers() {
}
-wazuh_agent_install() {
+wazuh_repo_install() {
if [ $OS == 'centos' ]; then
# Add repo
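Review bot: `so-wazuh` publishes `0.0.0.0:55000:55000`, and 55000 is the port the Wazuh manager API listens on by default, so the API is exposed on every host interface unless `set_initial_firewall_policy` in so-setup-network.sh closes it; binding it to loopback or the management address (`- 127.0.0.1:55000:55000`) and opening it deliberately is the safer default, while 1514 has to stay reachable for agents. `wazuhpkgs` installs `wazuh-agent` with no `version:` or `hold: True`, and the same commit removes the `enabled=0` / `#deb` / `dpkg --set-selections` hold steps from the setup script, so ordinary package updates can move the agent to whatever the vendor repository currently publishes, independently of the pinned `so-wazuh:HH1.0.5` manager image — `- version: <AGENT_VERSION>` (placeholder) or `- hold: True` restores that control. The script also no longer runs `apt-get update` after adding the apt source, so `- refresh: True` on `wazuhpkgs` would make the index refresh explicit rather than relying on Salt's default. The three users get `home: /opt/so/wazuh` with `createhome: False` and no state creates that directory before it is bind-mounted, so Docker creates it root-owned on first start; a `file.directory` state owned by `ossec:ossec` ahead of `so-wazuh` avoids that if the container expects ossec-owned data, which cannot be confirmed from this diff.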
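Review bot: `add_wazuh_users` is kept as a block of `#`-prefixed lines instead of being removed, and the call sites in the hunks at -1470, -1562, -1628 and -1691 do the same with `#add_wazuh_users`; since the `# REMARKING FOR NOW -- ADDING VIA init.sls` note says the users now come from `salt/wazuh/init.sls`, deleting the function and the four calls keeps the installer readable, and git history preserves the old version. The uid/gid values 943–945 otherwise live in two places, and the commented copy will drift from the state file without anyone noticing.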
@@ -904,22 +905,11 @@ name=Wazuh repository
baseurl=https://packages.wazuh.com/3.x/yum/
protect=1
EOF
- # Install agent
- yum install -y wazuh-agent
- # Prevent automatic upates
- sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
else
# Get key
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
# Add repo
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
- apt-get update -y
- # Install
- apt-get install -y wazuh-agent
- # Prevent automatic updates
- sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
- # Set package state to "hold"
- echo "wazuh-agent hold" | sudo dpkg --set-selections
fi
}
@@ -1470,11 +1460,11 @@ if (whiptail_you_sure); then
echo ""
add_socore_user_master
- echo "** Adding Wazuh users **"
- add_wazuh_users
+ #echo "** Adding Wazuh users **"
+ #add_wazuh_users
- echo "** Installing Wazuh agent **"
- wazuh_agent_install
+ echo "** Installing Wazuh repo **"
+ wazuh_repo_install
# Install salt and dependencies
echo " ** Installing Salt and Dependencies **"
@@ -1562,8 +1552,8 @@ if (whiptail_you_sure); then
mkdir -p /nsm
get_filesystem_root
get_filesystem_nsm
- add_wazuh_users
- wazuh_agent_install
+ #add_wazuh_users
+ wazuh_repo_install
copy_ssh_key
set_initial_firewall_policy
create_bond
@@ -1628,8 +1618,8 @@ if (whiptail_you_sure); then
echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
echo ""
add_socore_user_master
- add_wazuh_users
- wazuh_agent_install
+ #add_wazuh_users
+ wazuh_repo_install
create_bond
saltify
docker_install
@@ -1691,8 +1681,8 @@ if (whiptail_you_sure); then
mkdir -p /nsm
get_filesystem_root
get_filesystem_nsm
- add_wazuh_users
- wazuh_agent_install
+ #add_wazuh_users
+ wazuh_repo_install
copy_ssh_key
set_initial_firewall_policy
saltify