diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index 6fb795bce..52964b9cf 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -3958,10 +3958,13 @@ elasticsearch:
 - vulnerability-mappings
 - common-settings
 - common-dynamic-mappings
+ - logs-redis.log@package
+ - logs-redis.log@custom
 data_stream:
 allow_custom_routing: false
 hidden: false
- ignore_missing_component_templates: []
+ ignore_missing_component_templates:
+ - logs-redis.log@custom
 index_patterns:
 - logs-redis.log*
 priority: 501
diff --git a/salt/elasticsearch/files/ingest/zeek.ja4d b/salt/elasticsearch/files/ingest/zeek.ja4d
new file mode 100644
index 000000000..206622c49
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/zeek.ja4d
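Review bot: `logs-redis.log@package` is added to the composed_of list but not to `ignore_missing_component_templates`, so installing this index template will fail unless a component template of that exact name already exists in the cluster; this diff does not add one, so it is presumably provisioned elsewhere and that should be confirmed before merge. Only `logs-redis.log@custom` is tolerated as missing, which matches the convention of the `@custom` template being user-supplied. The enclosing template definition starts before this hunk.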
@@ -0,0 +1,71 @@
+{
+ "description": "zeek.ja4d",
+ "processors": [
+ {
+ "set": {
+ "field": "event.dataset",
+ "value": "ja4d"
+ }
+ },
+ {
+ "remove": {
+ "field": [
+ "host"
+ ],
+ "ignore_failure": true
+ }
+ },
+ {
+ "json": {
+ "field": "message",
+ "target_field": "message2",
+ "ignore_failure": true
+ }
+ },
+ {
+ "rename": {
+ "field": "message2.ja4d",
+ "target_field": "hash.ja4d",
+ "ignore_missing": true,
+ "if": "ctx?.message2?.ja4d != null && ctx.message2.ja4d.length() > 0"
+ }
+ },
+ {
+ "rename": {
+ "field": "message2.client_mac",
+ "target_field": "host.mac",
+ "ignore_missing": true,
+ "if": "ctx?.message2?.client_mac != null && ctx.message2.client_mac.length() > 0"
+ }
+ },
+ {
+ "rename": {
+ "field": "message2.hostname",
+ "target_field": "host.hostname",
+ "ignore_missing": true,
+ "if": "ctx?.message2?.hostname != null && ctx.message2.hostname.length() > 0"
+ }
+ },
+ {
+ "rename": {
+ "field": "message2.requested_ip",
+ "target_field": "dhcp.requested_address",
+ "ignore_missing": true,
+ "if": "ctx?.message2?.requested_ip != null && ctx.message2.requested_ip.length() > 0"
+ }
+ },
+ {
+ "rename": {
+ "field": "message2.vendor_class_id",
+ "target_field": "zeek.ja4d.vendor_class_id",
+ "ignore_missing": true,
+ "if": "ctx?.message2?.vendor_class_id != null && ctx.message2.vendor_class_id.length() > 0"
+ }
+ },
+ {
+ "pipeline": {
+ "name": "zeek.common"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml
index 4d69bf53b..302a45af4 100644
--- a/salt/strelka/defaults.yaml
+++ b/salt/strelka/defaults.yaml
@@ -261,7 +261,7 @@ strelka:
 priority: 5
 options:
 limit: 1000
- 'ScanLNK':
+ 'ScanLnk':
 - positive:
 flavors:
 - 'lnk_file'
diff --git a/salt/strelka/soc_strelka.yaml b/salt/strelka/soc_strelka.yaml
index 0066bd6c3..65ff950b8 100644
--- a/salt/strelka/soc_strelka.yaml
+++ b/salt/strelka/soc_strelka.yaml
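Review bot: The `if` guards on the five rename processors call `.length()` on the field value, which Painless only resolves for strings; if a ja4d record ever carries one of these fields as a number or object the script throws, and because the rename processors set `ignore_missing` but not `ignore_failure`, the whole document is rejected rather than the single field being skipped. A tighter guard such as `"if": "ctx?.message2?.ja4d instanceof String && ctx.message2.ja4d.length() > 0"` (and the same for client_mac, hostname, requested_ip and vendor_class_id) keeps the empty-string check without that failure mode. Note also that `host` is removed up front and then repopulated only from `host.mac` and `host.hostname`, so any host metadata attached before this pipeline is dropped by design; if that mirrors the existing zeek pipelines it is fine, but the description field is the only place to record it.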
@@ -99,7 +99,7 @@ strelka:
 'ScanJpeg': *scannerOptions
 'ScanJson': *scannerOptions
 'ScanLibarchive': *scannerOptions
- 'ScanLNK': *scannerOptions
+ 'ScanLnk': *scannerOptions
 'ScanLsb': *scannerOptions
 'ScanLzma': *scannerOptions
 'ScanMacho': *scannerOptions