diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index bdff03c43..39596f595 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -91,6 +91,16 @@
           'schedule',
           'docker_clean'
           ],
+     'so-idh': [
+          'ssl',
+          'telegraf',
+          'firewall',
+          'fleet.install_package',
+          'filebeat',
+          'idh',
+          'schedule',
+          'docker_clean'
+          ],
       'so-import': [
           'salt.master',
           'ca',
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 7ac6687e1..533f347d8 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -447,7 +447,7 @@ fleetkeyperms:
 
 {% endif %}
 
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import', 'so-receiver'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %}
    
 fbcertdir:
   file.directory:
diff --git a/salt/top.sls b/salt/top.sls
index b417089ba..2b70ce780 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -503,3 +503,21 @@ base:
     {%- endif %}
     - schedule
     - docker_clean
+
+  '*_idh and G@saltversion:{{saltversion}}':
+    - match: compound
+    - ssl
+    - sensoroni
+    - nginx
+    - telegraf
+    - firewall
+    {%- if WAZUH != 0 %}
+    - wazuh
+    {%- endif %}
+    {%- if FLEETMANAGER or FLEETNODE %}
+    - fleet.install_package
+    {%- endif %}
+    - schedule
+    - docker_clean
+    - filebeat
+    - idh
\ No newline at end of file