diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json
index f4a817ff3..81efcb447 100644
--- a/salt/soc/files/soc/soc.json
+++ b/salt/soc/files/soc/soc.json
@@ -141,6 +141,11 @@
           { "name": "x509", "description": "x.509 grouped by issuer", "query": "event.dataset:x509 | groupby x509.certificate.issuer"},
           { "name": "x509", "description": "x.509 grouped by subject", "query": "event.dataset:x509 | groupby x509.certificate.subject"},
           { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
+        ],
+        "actions": [
+          { "name": "", "description": "actionPcapHelp", "icon": "fa-stream", "link": "/joblookup?esid={eventId}" },
+          { "name": "", "description": "actionAlertHelp", "icon": "fa-bell", "link": "/soctopus/thehive/alert/{eventId}" },
+          { "name": "", "description": "actionVirtusTotalHelp", "icon": "fa-globe", "link": "https://www.virustotal.com/gui/ip-address/{value}/detection", "fields": [ "source.ip", "destination.ip" ] }
         ]
       }
     }
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 70d4c4b6a..416e13af5 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -8,10 +8,10 @@
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
 {% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
-    {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
+    {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
     {% set ca_server = grains.id %}
 {% else %}
-    {% set x509dict =  salt['mine.get']('*', 'x509.get_pem_entries') %}
+    {% set x509dict = salt['mine.get']('*', 'x509.get_pem_entries') %}
     {% for host in x509dict %}
       {% if 'manager' in host.split('_')|last or host.split('_')|last == 'standalone' %}
         {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
diff --git a/setup/so-whiptail b/setup/so-whiptail
index e590a30d9..d760373af 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -97,8 +97,8 @@ whiptail_zeek_version() {
 
 	[ -n "$TESTING" ] && return
 
-	ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)"  ON \
-	"SURICATA" "Use Suricata 5" OFF 3>&1 1>&2 2>&3)
+	ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)"  ON \
+	"SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -623,7 +623,7 @@ whiptail_nids() {
 	NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose which IDS to run. \n 
 	Snort 3.0 support will be added once it is out of beta:" 25 75 4 \
-	"Suricata" "Suricata 4.X" ON  \
+	"Suricata" "Suricata" ON  \
 	"Snort" "Placeholder for Snort 3.0  " OFF 3>&1 1>&2 2>&3 )
 
 	local exitstatus=$?