diff --git a/README.md b/README.md
index ab2110fab..e248f3453 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-## Security Onion 2.4
+## Security Onion 2.4 Beta 2
 
-Security Onion 2.4 is here!
+Security Onion 2.4 Beta 2 is here!
 
 ## Screenshots
 
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index ce56cd48c..53a229349 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,52 +1 @@
-### 2.3.120-20220425 ISO image built on 2022/04/25
-
-
-
-### Download and Verify
-
-2.3.120-20220425 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.120-20220425.iso
-
-MD5: C99729E452B064C471BEF04532F28556  
-SHA1: 60BF07D5347C24568C7B793BFA9792E98479CFBF  
-SHA256: CD17D0D7CABE21D45FA45E1CF91C5F24EB9608C79FF88480134E5592AFDD696E 
-
-Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.120-20220425.iso.sig
-
-Signing key:  
-https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
-
-For example, here are the steps you can use on most Linux distributions to download and verify our Security Onion ISO image.
-
-Download and import the signing key:  
-```
-wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -O - | gpg --import -  
-```
-
-Download the signature file for the ISO:  
-```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.120-20220425.iso.sig
-```
-
-Download the ISO image:  
-```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.120-20220425.iso
-```
-
-Verify the downloaded ISO image using the signature file:  
-```
-gpg --verify securityonion-2.3.120-20220425.iso.sig securityonion-2.3.120-20220425.iso
-```
-
-The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
-```
-gpg: Signature made Mon 25 Apr 2022 08:20:40 AM EDT using RSA key ID FE507013
-gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
-gpg: WARNING: This key is not certified with a trusted signature!
-gpg:          There is no indication that the signature belongs to the owner.
-Primary key fingerprint: C804 A93D 36BE 0C73 3EA1  9644 7C10 60B7 FE50 7013
-```
-
-Once you've verified the ISO image, you're ready to proceed to our Installation guide:  
-https://docs.securityonion.net/en/2.3/installation.html
+### An ISO will be available starting in RC1. 
diff --git a/VERSION b/VERSION
index 005119baa..8e8299dcc 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4.1
+2.4.2
diff --git a/pillar/top.sls b/pillar/top.sls
index 1acc5d030..9e373be31 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -18,7 +18,8 @@ base:
 
   '*_eval or *_heavynode or *_sensor or *_standalone or *_import':
     - match: compound
-    - zeek
+    - zeek.soc_zeek
+    - zeek.adv_zeek
     - bpf.soc_bpf
     - bpf.adv_bpf
 
diff --git a/salt/idstools/soc_idstools.yaml b/salt/idstools/soc_idstools.yaml
index bda436928..e0ad6ba98 100644
--- a/salt/idstools/soc_idstools.yaml
+++ b/salt/idstools/soc_idstools.yaml
@@ -1,12 +1,14 @@
 idstools:
   config:
     oinkcode:
-      description: Enter your registration code for paid rulesets.
+      description: Enter your registration/oink code for paid NIDS rulesets.
+      title: registraion code
       global: True
       helpLink: rules.html
     ruleset:
-      description: Define the ruleset you want to run. Options are ETOPEN or ETPRO.
+      description: Defines the ruleset you want to run. Options are ETOPEN or ETPRO.
       global: True
+      regex:  ETPRO\b|ETOPEN\b
       helpLink: rules.html
     urls:
       description: This is a list of additional rule download locations.
@@ -14,20 +16,28 @@ idstools:
       helpLink: rules.html
   sids:
     disabled:
-      description: List of SIDS that you want to disable.
+      description: Contains the list of NIDS rules manually disabled across the grid. To disable a rule, add its signature ID (SID) to the Current Grid Value box, one entry per line. To disable multiple rules, you can use regular expressions.
       global: True
+      multiline: True
+      forcedType: "[]string"
+      regex: \d*|re:.*
       helpLink: managing-alerts.html
     enabled:
-      description: List of SIDS that are disabled by the rule source that you want to enable.
+      description: Contains the list of NIDS rules manually enabled across the grid. To enable a rule, add its signature ID (SID) to the Current Grid Value box, one entry per line. To enable multiple rules, you can use regular expressions.
       global: True
+      multiline: True
+      forcedType: "[]string"
+      regex: \d*|re:.*
       helpLink: managing-alerts.html
     modify:
-      description: List of SIDS that you want to modify.
+      description: Contains the list of NIDS rules that were modified from their default values. Entries must adhere to the following format - SID "REGEX_SEARCH_TERM" "REGEX_REPLACE_TERM"
       global: True
+      multiline: True
+      forcedType: "[]string"
       helpLink: managing-alerts.html
   rules:
     local__rules:
-      description: This is where custom Suricata rules are entered.
+      description: Contains the list of custom NIDS rules applied to the grid. To add custom NIDS rules to the grid, enter one rule per line in the Current Grid Value box.
       file: True
       global: True
       advanced: True
diff --git a/salt/kratos/defaults.yaml b/salt/kratos/defaults.yaml
index bcb166772..8f7a72b00 100644
--- a/salt/kratos/defaults.yaml
+++ b/salt/kratos/defaults.yaml
@@ -16,6 +16,7 @@ kratos:
             issuer: Security Onion
       flows:
         settings:
+          privileged_session_max_age: 5m
           ui_url: https://URL_BASE/?r=/settings
           required_aal: highest_available
         verification:
diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index e3b88e28f..d2555bf11 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -23,7 +23,6 @@ kratos:
             haveibeenpwned_enabled:
               description: Set to True to check if a newly chosen password has ever been found in a published list of previously-compromised passwords. Requires outbound Internet connectivity when enabled.
               global: True
-              advanced: True
               helpLink: kratos.html
         totp:
           enabled: 
@@ -39,6 +38,10 @@ kratos:
               helpLink: kratos.html
       flows:
         settings:
+          privileged_session_max_age:
+            description: The length of time after a successful authentication for a user's session to remain elevated to a privileged session. Privileged sessions are able to change passwords and other security settings for that user. If a session is no longer privileged then the user is redirected to the login form in order to confirm the security change.
+            global: True
+            helpLink: kratos.html
           ui_url: 
             description: User accessible URL containing the user self-service profile and security settings. Leave as default to ensure proper operation.
             global: True
diff --git a/salt/zeek/files/node.cfg.jinja b/salt/zeek/files/node.cfg.jinja
index 9ef06bd5a..02b1518df 100644
--- a/salt/zeek/files/node.cfg.jinja
+++ b/salt/zeek/files/node.cfg.jinja
@@ -16,10 +16,10 @@ type=worker
 host=localhost
 interface=af_packet::{{ NODE.interface }}
 lb_method=custom
-  {%- if NODE.lb_procs %}
-lb_procs={{ NODE.lb_procs }}
-    {%- else %}
+  {%- if NODE.pins %}
 lb_procs={{ NODE.pins | length }}
+    {%- else %}
+lb_procs={{ NODE.lb_procs }}
   {%- endif %}
   {%- if NODE.pins %}
 pin_cpus={{ NODE.pins | join(", ") }}
diff --git a/salt/zeek/soc_zeek.yaml b/salt/zeek/soc_zeek.yaml
index 86c48712a..a3ad624b6 100644
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -6,30 +6,36 @@ zeek:
   config:
     local:
       load:
-        description: List of Zeek policies to load
+        description: Contains a list of policies and scripts loaded by Zeek. Values in the Current Grid Value dialog box apply to every instance of Zeek. Values in a dialog box for a specific node will only apply to that node.
         forcedType: "[]string"
         helpLink: zeek.html
       load-sigs:
-        description: List of Zeek signatures to load
+        description: Contains a list of signatures loaded by Zeek. Values placed in the Current Grid Value dialog box apply to every instance of Zeek. Values placed in a dialog box for a specific node will only apply to that node.
         forcedType: "[]string"
         helpLink: zeek.html
       redef:
-        description: List of Zeek variables to redefine
+        description: List of Zeek variables to redefine. Values placed in the Current Grid Value dialog box apply to every instance of Zeek. Values placed in a dialog box for a specific node will only apply to that node.
         forcedType: "[]string"
         advanced: True
         helpLink: zeek.html
     node:
       lb_procs:
-        description: This is the number of CPUs to use for Zeek. This setting is ignored if you are using pins.
+        description: Contains the number of CPU cores or workers used by Zeek. This setting should only be applied to individual nodes and will be ignored if CPU affinity is enabled.
+        title: workers
         helpLink: zeek.html
         node: True
       pins_enabled:
         description: Enabling this setting allows you to pin Zeek to specific CPUs.
+        title: cpu affinity enabled
+        forcedType: bool
         helpLink: zeek.html
         node: True
         advanced: True
       pins:
-        description: This is a list of CPUs you want to pin Zeek to.
+        description: Contains a list of specific CPU cores pinned to Zeek workers. To set the CPU affinity, enter the processor ID number in the dialog box for the desired node. To retrieve the processor ID numbers, run the command "cat /proc/cpuinfo | grep processor" on the desired node. Please note that this setting should only be applied to individual nodes.
+        title: cpu affinity
+        multiline: True
+        forcedType: "[]string"
         helpLink: zeek.html
         node: True
         advanced: True
@@ -47,5 +53,5 @@ zeek:
           global: True
           advanced: True
   file_extraction:
-    description: This is a list of MIME types that Zeek will extract from the network streams.
+    description: Contains a list of file or MIME types Zeek will extract from the network streams. Values must adhere to the following format - {"MIME_TYPE":"FILE_EXTENTION"}
     helpLink: zeek.html
diff --git a/setup/so-functions b/setup/so-functions
index 942ca4671..d0924fc11 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -917,9 +917,19 @@ create_repo() {
 	logCmd "createrepo /nsm/repo"
 }
 
+
 detect_cloud() {
-  info "Testing if setup is running on a cloud instance..."
-  if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null) || [ -f /var/log/waagent.log ]; then info "Detected a cloud installation..." && export is_cloud="true"; fi
+	info "Testing if setup is running on a cloud instance..."
+	if dmidecode -s bios-version | grep -q amazon || \
+		dmidecode -s bios-vendor | grep -q Amazon || \
+		dmidecode -s bios-vendor | grep -q Google || \
+		[ -f /var/log/waagent.log ]; then
+
+		info "Detected a cloud installation..."
+		export is_cloud="true"
+	else
+		info "This does not appear to be a cloud installation."
+	fi
 }
 
 detect_os() {