diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap
index 3ca1f0277..402f921cb 100755
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -76,11 +76,13 @@ function zeek() {
 NSM_PATH=/nsm/import/${HASH}/zeek
 mkdir -p $NSM_PATH/logs
- mkdir -p $NSM_PATH/spool
 mkdir -p $NSM_PATH/extracted
+ mkdir -p $NSM_PATH/spool
 chown -R zeek:socore $NSM_PATH
 docker run --rm \
- -v $NSM_PATH:/nsm:rw \
+ -v $NSM_PATH/logs:/nsm/zeek/logs:rw \
+ -v $NSM_PATH/spool:/nsm/zeek/spool:rw \
+ -v $NSM_PATH/extracted:/nsm/zeek/extracted:rw \
 -v $PCAP:/input.pcap:ro \
 -v /opt/so/conf/zeek/local.zeek:/opt/zeek/share/zeek/site/local.zeek:ro \
 -v /opt/so/conf/zeek/node.cfg:/opt/zeek/etc/node.cfg:ro \
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 9d0889a34..176365756 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -128,8 +128,8 @@ filebeat.inputs:
 imported: true
 processors:
 - dissect:
- tokenizer: "/nsm/import/%{import_id}/zeek/logs/%{import_source}"
- field: "source"
+ tokenizer: "/nsm/import/%{import.id}/zeek/logs/%{import.file}"
+ field: "log.file.path"
 target_prefix: ""
 - drop_fields:
 fields: ["source", "prospector", "input", "offset", "beat"]
@@ -166,8 +166,8 @@ filebeat.inputs:
 imported: true
 processors:
 - dissect:
- tokenizer: "/nsm/import/%{import_id}/suricata/%{import_source}"
- field: "source"
+ tokenizer: "/nsm/import/%{import.id}/suricata/%{import.file}"
+ field: "log.file.path"
 target_prefix: ""
 - drop_fields:
 fields: ["source", "prospector", "input", "offset", "beat"]
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 8fba7e258..95352010e 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
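Review bot: The three new bind lines (`-v $NSM_PATH/logs:/nsm/zeek/logs:rw \` and the spool/extracted lines after it) pass `$NSM_PATH` unquoted, as the unchanged `-v $PCAP:/input.pcap:ro \` line does with `$PCAP`; a path containing whitespace or a glob character would be word-split into several docker arguments. Quote each bind, e.g. `-v "$NSM_PATH/logs:/nsm/zeek/logs:rw" \`, and the same for the spool and extracted lines. Replacing the single `$NSM_PATH:/nsm:rw` mount with the three output directories also removes the container's write access to everything else under that tree, which is a worthwhile least-privilege narrowing and deserves a one-line comment above `docker run --rm \` so it is not widened again, e.g. `# only the three Zeek output dirs are bound rw; the container gets no other write access under $NSM_PATH`. The `zeek()` function starts before this hunk and continues past it.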
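Review bot: The `drop_fields` list directly below the changed dissect block still names the pre-ECS field `source`, while the dissect processor now reads `log.file.path`, so the full on-disk path presumably remains in the shipped event even though `import.id`/`import.file` were evidently meant to replace it. If the raw path is meant to go, extend the list to `fields: ["source", "prospector", "input", "offset", "beat", "log.file.path"]` (adding `ignore_missing: true` if the Filebeat version in use supports it, since the legacy names will be absent); the identical hunk at `-166` for the suricata input needs the same change. Whether dissect with `target_prefix: ""` stores a dotted key such as `import.id` as a nested object or as a literal dotted field depends on the Filebeat version, so verify the indexed document shape before anything downstream keys on `import.id`.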
@@ -53,12 +53,11 @@ so-filebeat:
 - user: root
 - extra_hosts: {{ MASTER }}:{{ MASTERIP }}
 - binds:
+ - /nsm:/nsm:ro
 - /opt/so/log/filebeat:/usr/share/filebeat/logs:rw
 - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- - /nsm:/nsm:ro
 - /opt/so/wazuh/logs/alerts:/wazuh/alerts:ro
 - /opt/so/wazuh/logs/archives:/wazuh/archives:ro
- - /nsm/osquery/fleet/:/nsm/osquery/fleet:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
 - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
 - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
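Review bot: Nothing in the `binds` list records that the `/nsm:/nsm:ro` bind added at the top is intended to cover the removed `/nsm/osquery/fleet/` bind and the `/nsm/import/...` paths that filebeat.yml reads, so a later change could reintroduce a nested, possibly writable, `/nsm` mount. Add a comment above the new line, e.g. `# /nsm is bound whole and read-only; it already covers osquery/fleet and import/ - do not add nested /nsm binds`. Moving the bind to the first position has no effect visible here, but if the order was chosen deliberately the same comment should say why.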