diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 5fe9ab92f..fd31aeba8 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -42,6 +42,15 @@ query_updatwebhooks:
     - connection_user: root
     - connection_pass: {{ MYSQLPASS }}
 
+query_updatename:
+  mysql_query.run:
+    - database: playbook
+    - query:    "update custom_fields set name = 'Custom Filter' where id = 21;"
+    - connection_host: {{ GLOBALS.manager }}
+    - connection_port: 3306
+    - connection_user: root
+    - connection_pass: {{ MYSQLPASS }} 
+
 query_updatepluginurls:
   mysql_query.run:
     - database: playbook
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 8d846a84d..8572ed7ce 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1565,6 +1565,18 @@ soc:
           - name: VLAN
             description: VLAN (Virtual Local Area Network) tagged logs
             query: '* AND _exists_:network.vlan.id | groupby network.vlan.id | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby event.dataset | groupby event.module | groupby observer.name | groupby source.geo.country_name | groupby destination.geo.country_name'
+          - name: GeoIP - Destination Countries
+            description: GeoIP tagged logs visualized by destination countries
+            query: '* AND _exists_:destination.geo.country_name | groupby destination.geo.country_name | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby destination_geo.organization_name | groupby event.dataset | groupby event.module'
+          - name: GeoIP - Destination Organizations
+            description: GeoIP tagged logs visualized by destination organizations
+            query: '* AND _exists_:destination_geo.organization_name | groupby destination_geo.organization_name | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby destination.geo.country_name | groupby event.dataset | groupby event.module'
+          - name: GeoIP - Source Countries
+            description: GeoIP tagged logs visualized by source countries
+            query: '* AND _exists_:source.geo.country_name | groupby source.geo.country_name | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby source_geo.organization_name | groupby event.dataset | groupby event.module'
+          - name: GeoIP - Source Organizations
+            description: GeoIP tagged logs visualized by source organizations
+            query: '* AND _exists_:source_geo.organization_name | groupby source_geo.organization_name | groupby source.ip | groupby -sankey source.ip destination.ip | groupby destination.ip | groupby destination.port | groupby source.geo.country_name | groupby event.dataset | groupby event.module'
       job:
       alerts:
         advanced: false
diff --git a/setup/so-functions b/setup/so-functions
index c58760059..18db0b7b4 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1956,6 +1956,8 @@ repo_sync_local() {
 	info "Backing up old repos"
 	mkdir -p /nsm/repo
 	mkdir -p /opt/so/conf/reposync/cache
+	echo "https://repo.securityonion.net/file/so-repo/2.4/" > /opt/so/conf/reposync/mirror.txt
+	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/2.4/" >> /opt/so/conf/reposync/mirror.txt
 	echo "[main]" > /opt/so/conf/reposync/repodownload.conf
 	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
 	echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
@@ -1966,11 +1968,11 @@ repo_sync_local() {
 	echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
 	echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
 	echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
-	echo "baseurl=https://repo.securityonion.net/file/securityonion-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
+	echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
+	echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
 	echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
 	echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
-	echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /opt/so/conf/reposync/repodownload.conf
-
+	
 	logCmd "dnf repolist"
 	# Make sure we can get to the sig repo
     logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/install"