diff --git a/pillar/top.sls b/pillar/top.sls
index 60cface84..0c4c11957 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -51,6 +51,8 @@ base:
 - adv_global
 - manager.soc_manager
 - manager.adv_manager
+ - idstools.soc_idstools
+ - idstools.adv_idstools
 - soc.soc_soc
 - soc.adv_soc
 - kratos.soc_kratos
@@ -90,6 +92,9 @@ base:
 - elasticsearch.soc_elasticsearch
 - elasticsearch.adv_elasticsearch
 - manager.soc_manager
+ - manager.adv_manager
+ - idstools.soc_idstools
+ - idstools.adv_idstools
 - soc.soc_soc
 - kratos.soc_kratos
 - kratos.adv_kratos
@@ -120,6 +125,8 @@ base:
 - secrets
 - healthcheck.standalone
 - soc_global
+ - idstools.soc_idstools
+ - idstools.adv_idstools
 - kratos.soc_kratos
 - kratos.adv_kratos
 - redis.soc_redis
@@ -129,6 +136,7 @@ base:
 - elasticsearch.soc_elasticsearch
 - elasticsearch.adv_elasticsearch
 - manager.soc_manager
+ - manager.adv_manager
 - soc.soc_soc
 - backup.soc_backup
 - backup.adv_backup
@@ -195,6 +203,7 @@ base:
 - elasticsearch.soc_elasticsearch
 - elasticsearch.adv_elasticsearch
 - manager.soc_manager
+ - manager.adv_manager
 - soc.soc_soc
 - soc_global
 - adv_global
diff --git a/salt/idh/init.sls b/salt/idh/init.sls
index 2cf22c358..d1ba5ce33 100644
--- a/salt/idh/init.sls
+++ b/salt/idh/init.sls
@@ -74,6 +74,8 @@ so-idh:
 - file: opencanary_config
 - require:
 - file: opencanary_config
+ - extra_hosts:
+ - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
 
 append_so-idh_so-status.conf:
 file.append:
diff --git a/salt/idstools/defaults.yaml b/salt/idstools/defaults.yaml
new file mode 100644
index 000000000..e937ebc2d
--- /dev/null
+++ b/salt/idstools/defaults.yaml
@@ -0,0 +1,9 @@
+idstools:
+ config:
+ urls: []
+ ruleset: ETOPEN
+ oinkcode: ""
+ sids:
+ enabled: []
+ disabled: []
+ modify: []
\ No newline at end of file
diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 2b1a8cae1..fad421243 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
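Review bot: The three top.sls hunks that add `- idstools.soc_idstools` (at -51, -90 and -120) make the pillar include a file that nothing in this commit creates: the `idstools_pillar()` hunk in setup/so-functions drops the printf that wrote `$idstools_pillar_file` and keeps only the `touch` of `$adv_idstools_pillar_file`. Unless the soc_idstools pillar is now generated outside setup, the master will report that SLS as unavailable for every target listed here, and the rulecat.conf template will fall back to the defaults.yaml values (ETOPEN, empty oinkcode) rather than the ruleset and oinkcode chosen during setup. If that is the intended split, a comment in `idstools_pillar()` such as `# only the adv pillar is created here; idstools.soc_idstools is generated outside setup` would stop the next reader from re-adding the printf. The -120 hunk also omits the `- manager.adv_manager` line that the other three manager-bearing hunks add, which may be intentional for that target but is worth confirming.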
@@ -1,17 +1,14 @@
-{%- set URLS = salt['pillar.get']('idstools:config:urls') -%}
-{%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
-{%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%}
-{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%}
-{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%}
-{%- set ENGINE = salt['pillar.get']('global:mdengine', '') %}
-{%- if ISAIRGAP is sameas true -%}
+{%- from 'vars/globals.map.jinja' import GLOBALS %}
+{%- import_yaml 'idstools/defaults.yaml' as IDSTOOLSDEFAULTS %}
+{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools', IDSTOOLSDEFAULTS.idstools, merge=True) %}
+{%- if GLOBALS.airgap is sameas true -%}
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
-{%- if ENGINE == "SURICATA" %}
+{%- if GLOBAL.md_engine == "SURICATA" %}
 --local=/opt/so/rules/nids/sorules/extraction.rules
 --local=/opt/so/rules/nids/sorules/filters.rules
-{%- endif %}
---url=http://{{ MANAGERIP }}:7788/rules/emerging-all.rules
+{%- endif %}
+--url=http://{{ GLOBALS.manager }}:7788/rules/emerging-all.rules
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
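Review bot: `{%- if GLOBAL.md_engine == "SURICATA" %}` in the airgap branch references `GLOBAL`, but the import on the first added line binds `GLOBALS`, and the non-airgap branch in the next hunk correctly uses `GLOBALS.md_engine`. With a strict-undefined Jinja environment (Salt's default, as far as I know) the template fails to render on airgap installs; with a lenient one the comparison is simply false and the extraction/filters local rules are silently dropped from the rulecat config. The fix is the one-character change to `{%- if GLOBALS.md_engine == "SURICATA" %}`. The airgap `--url` now uses `GLOBALS.manager` in place of the manager IP, so the plain-HTTP rule fetch on port 7788 additionally depends on the manager name resolving on the minion running idstools; the idh hunk handles that per container with `extra_hosts`, but nothing equivalent for idstools is visible in this diff. The `{%- if GLOBALS.airgap ... %}` block opened here is closed in the next hunk.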
@@ -19,23 +16,23 @@
 --suricata-version=6.0
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
-{%- if ENGINE == "SURICATA" %}
+{%- if GLOBALS.md_engine == "SURICATA" %}
 --local=/opt/so/rules/nids/sorules/extraction.rules
 --local=/opt/so/rules/nids/sorules/filters.rules
-{%- endif %}
+{%- endif %}
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
- {%- if RULESET == 'ETOPEN' %}
+{%- if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %}
 --etopen
- {%- elif RULESET == 'ETPRO' %}
---etpro={{ OINKCODE }}
- {%- elif RULESET == 'TALOS' %}
---url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
- {%- endif %}
+{%- elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}
+--etpro={{ IDSTOOLSMERGED.config.oinkcode }}
+{%- elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %}
+--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }}
+{%- endif %}
 {%- endif %}
-{%- if URLS != None %}
-{%- for URL in URLS %}
+{%- if IDSTOOLSMERGED.config.urls | length > 0 %}
+{%- for URL in IDSTOOLSMERGED.config.urls %}
 --url={{ URL }}
-{%- endfor %}
+{%- endfor %}
 {%- endif %}
\ No newline at end of file
diff --git a/setup/so-functions b/setup/so-functions
index 78033bda5..2f5c8e1a0 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1359,18 +1359,6 @@ ls_heapsize() {
 idstools_pillar() {
 title "Ading IDSTOOLS pillar options"
 touch $adv_idstools_pillar_file
- printf '%s\n'\
- "idstools:"\
- " config:"\
- " ruleset: '$RULESETUP'"\
- " oinkcode: '$OINKCODE'"\
- " urls: []"\
- " sids:"\
- " enabled: []"\
- " disabled: []"\
- " modify: []"\
- "" > "$idstools_pillar_file"
-
 }
 
 soc_pillar() {
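Review bot: `{%- if IDSTOOLSMERGED.config.urls | length > 0 %}` replaces the old `URLS != None` guard with a filter that raises on a null value, so a pillar that sets `urls:` with no value (YAML null) now breaks rendering of the whole file instead of being treated as "no extra URLs"; as far as I can tell `merge=True` lets that pillar null override the `[]` default rather than fall back to it. A plain truthiness test, `{%- if IDSTOOLSMERGED.config.urls %}`, covers null, empty list and populated list alike and reads more simply. The ETPRO and TALOS branches interpolate `IDSTOOLSMERGED.config.oinkcode` straight into the rendered rulecat.conf (inside a URL query string for TALOS), so the subscription secret lives in that file on disk; this predates the change, but now that the value can come from either pillar or the new defaults it is worth a comment on the `--etpro` line noting that the rendered file must stay readable only by the idstools service. The `{%- if GLOBALS.airgap ... %}` block closed by the bare `{%- endif %}` here opens in the previous hunk.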