diff --git a/.github/DISCUSSION_TEMPLATE/2-4.yml b/.github/DISCUSSION_TEMPLATE/2-4.yml index af5fa3a84..0b8d5e6b9 100644 --- a/.github/DISCUSSION_TEMPLATE/2-4.yml +++ b/.github/DISCUSSION_TEMPLATE/2-4.yml @@ -22,6 +22,7 @@ body: - 2.4.90 - 2.4.100 - 2.4.110 + - 2.4.111 - 2.4.120 - Other (please provide detail below) validations: diff --git a/DOWNLOAD_AND_VERIFY_ISO.md b/DOWNLOAD_AND_VERIFY_ISO.md index 18a38a91c..57a07e53c 100644 --- a/DOWNLOAD_AND_VERIFY_ISO.md +++ b/DOWNLOAD_AND_VERIFY_ISO.md @@ -1,17 +1,17 @@ -### 2.4.110-20241010 ISO image released on 2024/10/10 +### 2.4.111-20241217 ISO image released on 2024/12/18 ### Download and Verify -2.4.110-20241010 ISO image: -https://download.securityonion.net/file/securityonion/securityonion-2.4.110-20241010.iso +2.4.111-20241217 ISO image: +https://download.securityonion.net/file/securityonion/securityonion-2.4.111-20241217.iso -MD5: A8003DEBC4510D538F06238D9DBB86C0 -SHA1: 441DE90A192C8FE8BEBAB9ACE1A3CC18F71A2B1F -SHA256: B087A0D12FC2CA3CCD02BD52E52421F4F60DC09BF826337A057E05A04D114CCE +MD5: 767823D75EB76A6DC6132F799FD0E720 +SHA1: 0A7B6918FE5D4BC89EE3F2E03B4F8F4D6255141D +SHA256: 394BFCED9B5EAA0788E2D04806231B3A170839394AAF8DD23B4CE0EB9D6EF727 Signature for ISO image: -https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.110-20241010.iso.sig +https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.111-20241217.iso.sig Signing key: https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2.4/main/KEYS 
@@ -25,22 +25,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/2. Download the signature file for the ISO: ``` -wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.110-20241010.iso.sig +wget https://github.com/Security-Onion-Solutions/securityonion/raw/2.4/main/sigs/securityonion-2.4.111-20241217.iso.sig ``` Download the ISO image: ``` -wget https://download.securityonion.net/file/securityonion/securityonion-2.4.110-20241010.iso +wget https://download.securityonion.net/file/securityonion/securityonion-2.4.111-20241217.iso ``` Verify the downloaded ISO image using the signature file: ``` -gpg --verify securityonion-2.4.110-20241010.iso.sig securityonion-2.4.110-20241010.iso +gpg --verify securityonion-2.4.111-20241217.iso.sig securityonion-2.4.111-20241217.iso ``` The output should show "Good signature" and the Primary key fingerprint should match what's shown below: ``` -gpg: Signature made Thu 10 Oct 2024 07:05:30 AM EDT using RSA key ID FE507013 +gpg: Signature made Tue 17 Dec 2024 04:33:10 PM EST using RSA key ID FE507013 gpg: Good signature from "Security Onion Solutions, LLC " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. diff --git a/VERSION b/VERSION index b47ca7775..580cd0c49 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.120 +2.4.120 \ No newline at end of file diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml index 21cdf606c..7c776937d 100644 --- a/salt/docker/defaults.yaml +++ b/salt/docker/defaults.yaml @@ -82,6 +82,7 @@ docker: - 443:443 - 8443:8443 - 7788:7788 + - 7789:7789 custom_bind_mounts: [] extra_hosts: [] extra_env: [] 
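Review bot: The new `- 7789:7789` mapping uses Docker's short port syntax with no host address, which publishes the port on every host interface unless something outside this hunk narrows it; the enclosing `docker:` block and whatever firewall state would gate the port are not visible here. Nothing on the added line says which service listens on 7789, so a reader cannot tell whether host-wide exposure is intended or whether it should follow the same policy as the neighbouring `7788:7788`. Suggest a trailing comment on the added line, e.g. `- 7789:7789  # <service name>; confirm the firewall state and host-bind policy match 7788`. If only local access is intended, a host-IP prefix in the same mapping would restrict it without touching the other entries.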
diff --git a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json
new file mode 100644
index 000000000..17319ab9f
--- /dev/null
+++ b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json
@@ -0,0 +1,36 @@
+{
+ "template": {
+ "mappings": {
+ "properties": {
+ "host": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ },
+ "related": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ },
+ "destination": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ },
+ "source": {
+ "properties":{
+ "ip": {
+ "type": "ip"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 3a57a19e2..77227c569 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -944,7 +944,7 @@ update_airgap_rules() {
 rsync -av $UPDATE_DIR/agrules/detect-sigma/* /nsm/rules/detect-sigma/
 rsync -av $UPDATE_DIR/agrules/detect-yara/* /nsm/rules/detect-yara/
 # Copy the securityonion-resorces repo over for SOC Detection Summaries and checkout the published summaries branch
- rsync -av --chown=socore:socore $UPDATE_DIR/agrules/securityonion-resources /opt/so/conf/soc/ai_summary_repos
+ rsync -av --delete --chown=socore:socore $UPDATE_DIR/agrules/securityonion-resources /opt/so/conf/soc/ai_summary_repos
 git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources
 git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published
 # Copy the securityonion-resorces repo over to nsm
diff --git a/sigs/securityonion-2.4.111-20241217.iso.sig b/sigs/securityonion-2.4.111-20241217.iso.sig
new file mode 100644
index 000000000..e3545c57a
Binary files /dev/null and b/sigs/securityonion-2.4.111-20241217.iso.sig differ
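Review bot: The four nested `"properties":{` lines (under `host`, `related`, `destination` and `source`) omit the space after the colon that every other key in this new file uses, so the file is formatted inconsistently; a pass through `jq .` or Prettier would normalise them to `"properties": {`. Separately, mapping these fields as `ip` means a document whose value is not a single address (a CIDR string, for instance, if the indicator feed ever emits one) will be rejected at index time unless the index sets `ignore_malformed`; worth confirming against the fields the integration actually ships. Nothing in this diff shows where the component template is picked up, so I am assuming the existing template loader handles any file in this directory.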
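Review bot: Adding `--delete` turns this rsync from additive into authoritative: anything under `/opt/so/conf/soc/ai_summary_repos/securityonion-resources` that is not present in `$UPDATE_DIR/agrules/securityonion-resources` is now removed, including local edits or leftovers of an older checkout, before the following `git checkout generated-summaries-published` runs. The comment on the line above still reads as a plain copy and does not say that local state in that directory is discarded; suggest `# Sync (--delete: local changes in the destination are discarded) the securityonion-resources repo over for SOC Detection Summaries and checkout the published summaries branch`. Because the source path has no trailing slash, the deletion is scoped to the `securityonion-resources` subdirectory rather than the whole of `ai_summary_repos`, which is presumably what is wanted. The rsync's exit status is not checked on this line or its neighbours, so a failed sync still falls through to the git commands. update_airgap_rules starts before this hunk and continues after it.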