diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 2f6cc60a0..823b7b647 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -107,7 +107,8 @@
           'zeek',
           'schedule',
           'tcpreplay',
-          'docker_clean'
+          'docker_clean',
+          'elastic-fleet'
           ],
       'so-manager': [
           'salt.master',
diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup
index 4e3d7639c..01968fcb4 100755
--- a/salt/common/tools/sbin/so-elastic-fleet-setup
+++ b/salt/common/tools/sbin/so-elastic-fleet-setup
@@ -19,10 +19,18 @@ printf "\n"
 curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/settings" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d  '{"fleet_server_hosts":["https://{{ GLOBALS.manager_ip }}:8220"]}'
 printf "\n\n"
 
-# Create Logstash Output payload
+# Configure certificates
 mkdir -p /opt/so/conf/elastic-fleet/certs
 cp /etc/ssl/certs/intca.crt /opt/so/conf/elastic-fleet/certs
 cp /etc/pki/elasticfleet* /opt/so/conf/elastic-fleet/certs
+
+{% if grains.role == 'so-import' %}
+# Add SO-Manager Elasticsearch Ouput
+curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities":[ "/etc/pki/ca.crt" ]}}'
+printf "\n\n"
+
+{% else %}
+# Create Logstash Output payload
 LOGSTASHCRT=$(openssl x509 -in /opt/so/conf/elastic-fleet/certs/elasticfleet.crt)
 LOGSTASHKEY=$(openssl rsa -in  /opt/so/conf/elastic-fleet/certs/elasticfleet.key)
 LOGSTASHCA=$(openssl x509 -in  /opt/so/conf/elastic-fleet/certs/intca.crt)
@@ -30,12 +38,13 @@ JSON_STRING=$( jq -n \
                   --arg LOGSTASHCRT "$LOGSTASHCRT" \
                   --arg LOGSTASHKEY "$LOGSTASHKEY" \
                   --arg LOGSTASHCA "$LOGSTASHCA" \
-                  '{"name":"so-manager_logstash","id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]}}'                
+                  '{"name":"so-manager_logstash","id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]}}'
                   )
 
 # Add SO-Manager Logstash Ouput
 curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
 printf "\n\n"
+{%- endif %}
 
 # Add Elastic Fleet Integrations
 
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index 3851d8b4a..0f03d891e 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -24,6 +24,8 @@ container_list() {
 
   if [ $MANAGERCHECK == 'so-import' ]; then
     TRUSTED_CONTAINERS=(
+      "so-elastic-agent"
+      "so-elastic-agent-builder"
       "so-elasticsearch"
       "so-filebeat"
       "so-idstools"
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index 6e249ec93..3b6f4a59a 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -436,6 +436,7 @@ role:
               - {{ portgroups.influxdb }}
               - {{ portgroups.elasticsearch_rest }}
               - {{ portgroups.elasticsearch_node }}
+              - {{ portgroups.elastic_agent_control }}
           sensors:
             portgroups:
               - {{ portgroups.beats_5044 }}
@@ -453,6 +454,10 @@ role:
           elasticsearch_rest:
             portgroups:
               - {{ portgroups.elasticsearch_rest }}
+          elastic_agent_endpoint:
+             portgroups:
+               - {{ portgroups.elasticsearch_rest }}
+               - {{ portgroups.elastic_agent_control }}
           analyst:
             portgroups:
               - {{ portgroups.nginx }}
diff --git a/salt/top.sls b/salt/top.sls
index e29d3b081..4b8531f4d 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -344,6 +344,7 @@ base:
     - zeek
     - schedule
     - docker_clean
+    - elastic-fleet
 
   '*_receiver and G@saltversion:{{saltversion}}':
     - match: compound
diff --git a/setup/so-setup b/setup/so-setup
index 86e9f23d0..1d5e1c122 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -587,10 +587,10 @@ if ! [[ -f $install_opt_file ]]; then
 		add_web_user
 		info "Restarting SOC to pick up initial user"
 		logCmd "so-soc-restart"
-		if [[ ! $is_import ]]; then
-			title "Setting up Elastic Fleet"
-			logCmd "so-elastic-fleet-setup"
-			title "Setting up Playbook"
+	        title "Setting up Elastic Fleet"
+	        logCmd "so-elastic-fleet-setup"
+	        if [[ ! $is_import ]]; then
+		  	title "Setting up Playbook"
 			logCmd "so-playbook-reset"
 		fi
 		checkin_at_boot