diff --git a/setup/so-functions b/setup/so-functions
index c485ed7a0..90ced3b41 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -450,11 +450,21 @@ collect_hostname_validate() {
 collect_idh_services() {
 	whiptail_idh_services
 
-	if [ $idh_services == "Custom"; ] then
-		whiptail_idh_services_custom
-	fi
-
-	echo $idh_services
+	case "$idh_services" in
+		'Linux Webserver')
+			idh_services=("HTTP" "FTP" "SSH")
+		;;
+		'MySQL Server')
+			idh_services=("MYSQL" "SSH")
+		;;
+		'MSSQL Server')
+			idh_services=("MSSQL" "VNC")
+		;;
+		'Custom')
+			whiptail_idh_services_custom
+			echo $idh_services
+		;;
+	esac
 }
 
 collect_int_ip_mask() {
@@ -2839,6 +2849,16 @@ wait_for_salt_minion() {
 	retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || exit 1
 }
 
+write_out_idh_services() {
+	printf '%s\n'\
+	"idh:"\
+	"  opencanary:"\
+	"    config:" >> "$minion_config"
+	for service in ${idh_services[@]}; do
+      echo "      - $service" >> "$minion_config"
+    done
+}
+
 # Enable Zeek Logs
 zeek_logs_enabled() {
 	echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
diff --git a/setup/so-setup b/setup/so-setup
index 23f3ed151..dc9b5abb5 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -271,6 +271,10 @@ if [[ $is_manager || $is_import ]]; then
 	check_elastic_license
 fi
 
+if [[ $is_idh ]]; then
+	collect_idh_services
+fi
+
 if ! [[ -f $install_opt_file ]]; then
 	if [[ $is_manager && $is_sensor ]]; then
 		check_requirements "standalone"
@@ -914,8 +918,9 @@ echo "1" > /root/accept_changes
 
 	fi
 
-	if [[ "$IDH" = 1 ]]; then
-		collect_idh_services()
+	if [[ $is_idh ]]; then
+		# Write out services to minion pillar file
+		write_out_idh_services
 
 		set_progress_str 79 "$(print_salt_state_apply 'idh')"
 		salt-call state.apply -l info idh >> $setup_log 2>&1
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 7a26ad54c..96a145d2d 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -723,7 +723,7 @@ whiptail_idh_services() {
 	[ -n "$TESTING" ] && return
 
 	idh_services=$(whiptail --title "$whiptail_title" --radiolist \
-		"\nThe IDH node can mimic several services.\n\nChoose one of the common options along with their default ports (TCP) or select the Custom option to build a customized set of services." 20 75 5 \
+		"\nThe IDH node can mimic many different services.\n\nChoose one of the common options along with their default ports (TCP) or select the Custom option to build a customized set of services." 20 75 5 \
 		"Linux Webserver" "Apache (80), FTP (21), SSH (22)" ON \
 		"MySQL Server" "MySQL (3306), SSH (22)" OFF \
 		"MSSQL Server" "Microsoft SQL (1433), VNC (5900)" OFF \
@@ -739,20 +739,20 @@ whiptail_idh_services_custom() {
 	[ -n "$TESTING" ] && return
 
 	idh_services=$(whiptail --title "$whiptail_title" --checklist \
-		"\nThe IDH node can mimic many different services.\n\nChoose one or more of the following services along with their default ports (TCP). Some services have additional configuration options, please consult the documentation for further information." 20 75 6 \
-		"FTP       " "TCP/21,   Additional Configuration Available   " OFF \
-		"Git       " "TCP/9418                                       " OFF \
-		"HTTP      " "TCP/80,   Additional Configuration Available   " OFF \
-		"HTTPPROXY " "TCP/8080, Additional Configuration Available   " OFF \
-		"MSSQL     " "TCP/22                                         " OFF \
-		"MySQL     " "TCP/3306, Additional Configuration Available   " OFF \
-		"NTP       " "TCP/123                                        " OFF \
-		"REDIS     " "TCP/6379                                       " OFF \
-		"SNMP      " "TCP/161                                        " OFF \
-		"SSH       " "TCP/22,   Additional Configuration Available   " OFF \
-		"TELNET    " "TCP/23,   Additional Configuration Available   " OFF \
-		"TFTP      " "TCP/69                                         " OFF \
-		"VNC       " "TCP/22                                         " OFF 3>&1 1>&2 2>&3 )
+		"\nThe IDH node can mimic many different services.\n\nChoose one or more of the following services along with their default ports (TCP). Some services have additional configuration options, please consult the documentation for further information." 25 75 8 \
+		"FTP" "  TCP/21,   Additional Configuration Available   " OFF \
+		"Git" "  TCP/9418                                       " OFF \
+		"HTTP" "  TCP/80,   Additional Configuration Available   " OFF \
+		"HTTPPROXY" "  TCP/8080, Additional Configuration Available   " OFF \
+		"MSSQL" "  TCP/22                                         " OFF \
+		"MySQL" "  TCP/3306, Additional Configuration Available   " OFF \
+		"NTP" "  TCP/123                                        " OFF \
+		"REDIS" "  TCP/6379                                       " OFF \
+		"SNMP" "  TCP/161                                        " OFF \
+		"SSH" "  TCP/22,   Additional Configuration Available   " OFF \
+		"TELNET" "  TCP/23,   Additional Configuration Available   " OFF \
+		"TFTP" "  TCP/69                                         " OFF \
+		"VNC" "  TCP/22                                         " OFF 3>&1 1>&2 2>&3 )
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus