diff --git a/salt/common/init.sls b/salt/common/init.sls
index 0ada77e1a..93f76c3b3 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -297,6 +297,25 @@ commonlogrotateconf:
     - month: '*'
     - dayweek: '*'
 
+# Create the status directory
+sostatusdir:
+  file.directory:
+    - name: /opt/so/log/sostatus
+    - user: 0
+    - group: 0
+    - makedirs: True
+    
+# Install sostatus check cron
+/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1:
+  cron.present:
+    - user: root
+    - minute: '*/5'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
+
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
 # Lock permissions on the backup directory
 backupdir:
diff --git a/salt/common/yum_repos/securityonion.repo b/salt/common/yum_repos/securityonion.repo
index e61829380..0f39d5a3f 100644
--- a/salt/common/yum_repos/securityonion.repo
+++ b/salt/common/yum_repos/securityonion.repo
@@ -47,6 +47,13 @@ enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
 
+[saltstack3003]
+name=SaltStack repo for RHEL/CentOS $releasever PY3
+baseurl=https://repo.securityonion.net/file/securityonion-repo/saltstack3003/
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
+
 [wazuh_repo]
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
diff --git a/salt/common/yum_repos/securityonioncache.repo b/salt/common/yum_repos/securityonioncache.repo
index 6d5058337..def6f8a40 100644
--- a/salt/common/yum_repos/securityonioncache.repo
+++ b/salt/common/yum_repos/securityonioncache.repo
@@ -47,6 +47,13 @@ enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
 
+[saltstack3003]
+name=SaltStack repo for RHEL/CentOS $releasever PY3
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/saltstack3003/
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
+
 [wazuh_repo]
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index 2814eb159..cea4d3f45 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -72,6 +72,8 @@ so-telegraf:
       - /opt/so/conf/telegraf/scripts:/scripts:ro
       - /opt/so/log/stenographer:/var/log/stenographer:ro
       - /opt/so/log/suricata:/var/log/suricata:ro
+      - /opt/so/log/raid:/var/log/raid:ro
+      - /opt/so/log/sostatus:/var/log/sostatus:ro
     - watch:
       - file: tgrafconf
       - file: tgrafsyncscripts
diff --git a/salt/telegraf/scripts/sostatus.sh b/salt/telegraf/scripts/sostatus.sh
new file mode 100644
index 000000000..23096d903
--- /dev/null
+++ b/salt/telegraf/scripts/sostatus.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+APP=sostatus
+lf=/tmp/$APP-pidLockFile
+# create empty lock file if none exists
+cat /dev/null >> $lf
+read lastPID < $lf
+# if lastPID is not null and a process with that pid exists , exit
+[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
+echo $$ > $lf
+SOSTATUSLOG=/var/log/sostatus/status.log
+SOSTATUSSTATUS=$(cat /var/log/sostatus/status.log)
+
+if [ -f "$SOSTATUSLOG" ]; then
+    echo "sostatus status=$SOSTATUSSTATUS"
+else
+    exit 0
+fi
diff --git a/setup/so-functions b/setup/so-functions
index 8a751a4ad..9cbad1cfb 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1012,7 +1012,7 @@ create_repo() {
 
 detect_cloud() {
   echo "Testing if setup is running on a cloud instance..." | tee -a "$setup_log"
-  if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi
+  if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null) || [ -f /var/log/waagent.log ]; then export is_cloud="true"; fi
 }
 
 detect_os() {
@@ -2286,13 +2286,21 @@ secrets_pillar(){
 securityonion_repo() {
 	# Remove all the current repos
 	if [[ "$OS" == "centos" ]]; then
-	    mkdir -p /root/oldrepos
-	    mv /etc/yum.repos.d/* /root/oldrepos/
-		rm -f /etc/yum.repos.d/*
-		if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then
-		    cp -f ../salt/common/yum_repos/securityonioncache.repo /etc/yum.repos.d/
+	    if [[ "$INTERWEBS" == "AIRGAP" ]]; then
+		    echo "This is airgap I don't need to add this repo"
 		else
-		    cp -f ../salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
+	        mkdir -p /root/oldrepos
+	        mv -v /etc/yum.repos.d/* /root/oldrepos/
+			ls -la /etc/yum.repos.d/
+		    rm -rf /etc/yum.repos.d
+			yum clean all
+			yum repolist all
+			mkdir -p /etc/yum.repos.d
+		    if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then
+		        cp -f ../salt/common/yum_repos/securityonioncache.repo /etc/yum.repos.d/
+		    else
+		        cp -f ../salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
+		    fi
 		fi
 	else
         echo "This is Ubuntu"