diff --git a/exclude-list.txt b/exclude-list.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index 11200864f..16b8fb930 100644 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -78,6 +78,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then "so-logstash:$VERSION" \ "so-mysql:$VERSION" \ "so-nginx:$VERSION" \ + "so-pcaptools:$VERSION" \ "so-playbook:$VERSION" \ "so-redis:$VERSION" \ "so-soc:$VERSION" \ diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index edc378bc5..b4e471c99 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -17,6 +17,17 @@ . /usr/sbin/so-common local_salt_dir=/opt/so/saltstack/local +manager_check() { + # Check to see if this is a manager + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then + echo "This is a manager. We can proceed." + else + echo "Please run so-features-enable on the manager." + exit 0 +} + +manager_check VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g') # Modify static.sls to enable Features sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 7c471aa34..7ce5b2ac0 100644 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
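Review bot: The `if` in the added `manager_check` never parses: `OR` is not a test operator inside `[ ]`, and the function is closed with `}` before the `if` is closed by `fi`, so bash rejects the whole script with a syntax error before any feature is enabled. The same function body is added to salt/common/tools/sbin/soup in the next hunk and has the same defect. Replace the test with `if [[ "$MANAGERCHECK" == 'so-eval' || "$MANAGERCHECK" == 'so-manager' || "$MANAGERCHECK" == 'so-managersearch' ]]; then` and add `fi` after `exit 0`; quoting also keeps `[[` from failing when the role grain is missing and `$MANAGERCHECK` expands to nothing. The non-manager branch also exits with status 0, so anything driving this script cannot tell "refused to run on this node" from success; `exit 1` there would make that visible.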
@@ -15,23 +15,170 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -clone_to_tmp() { +. /usr/sbin/so-common +UPDATE_DIR=/tmp/sogh/securityonion +INSTALLEDVERSION=$(cat /etc/soversion) +default_salt_dir=/opt/so/saltstack/default +manager_check() { + # Check to see if this is a manager + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then + echo "This is a manager. We can proceed" + else + echo "Please run soup on the manager. The manager controls all updates." + exit 0 +} + +clean_dockers() { + # Place Holder for cleaning up old docker images + echo "" +} + +clone_to_tmp() { # TODO Need to add a air gap option + # Clean old files + rm -rf /tmp/sogh # Make a temp location for the files - rm -rf /tmp/soup - mkdir -p /tmp/soup - cd /tmp/soup - #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git + mkdir -p /tmp/sogh + cd /tmp/sogh + #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git + git clone https://github.com/Security-Onion-Solutions/securityonion.git + cd /tmp + if [ ! -f $UPDATE_DIR/VERSION ]; then + echo "Update was unable to pull from github. Please check your internet." + exit 0 + fi +} + +copy_new_files() { + # Copy new files over to the salt dir + cd /tmp/sogh/securityonion + rsync -a salt $default_salt_dir/ + rsync -a pillar $default_salt_dir/ + chown -R socore:socore $default_salt_dir/ + chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh + cd /tmp +} + +highstate() { + # Run a highstate but first cancel a running one. + salt-call saltutil.kill_all_jobs + salt-call state.highstate +} + +pillar_changes() { + # This function is to add any new pillar items if needed. 
+ echo "Checking to see if pillar changes are needed" } -# Prompt the user that this requires internets +update_dockers() { + # List all the containers + if [ $MANAGERCHECK != 'so-helix' ]; then + TRUSTED_CONTAINERS=( \ + "so-acng" \ + "so-thehive-cortex" \ + "so-curator" \ + "so-domainstats" \ + "so-elastalert" \ + "so-elasticsearch" \ + "so-filebeat" \ + "so-fleet" \ + "so-fleet-launcher" \ + "so-freqserver" \ + "so-grafana" \ + "so-idstools" \ + "so-influxdb" \ + "so-kibana" \ + "so-kratos" \ + "so-logstash" \ + "so-mysql" \ + "so-nginx" \ + "so-pcaptools" \ + "so-playbook" \ + "so-redis" \ + "so-soc" \ + "so-soctopus" \ + "so-steno" \ + "so-strelka" \ + "so-suricata" \ + "so-telegraf" \ + "so-thehive" \ + "so-thehive-es" \ + "so-wazuh" \ + "so-zeek" ) + else + TRUSTED_CONTAINERS=( \ + "so-filebeat" \ + "so-idstools" \ + "so-logstash" \ + "so-nginx" \ + "so-redis" \ + "so-steno" \ + "so-suricata" \ + "so-telegraf" \ + "so-zeek" ) + fi +# Download the containers from the interwebs + for i in "${TRUSTED_CONTAINERS[@]}" + do + # Pull down the trusted docker image + echo "Downloading $i:$NEWVERSION" + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i:$NEWVERSION + # Tag it with the new registry destination + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + done + +} + +update_version() { + # Update the version to the latest + echo "Updating the version file." + echo $NEWVERSION > /etc/soversion +} + +upgrade_check() { + # Let's make sure we actually need to update. + NEWVERSION=$(cat $UPDATE_DIR/VERSION) + if [ $INSTALLEDVERSION == $NEWVERSION ]; then + echo "You are already running the latest version of Security Onion." + exit 0 + else + echo "Performing Upgrade from $INSTALLEDVERSION to $NEWVERSION" + fi +} + +verify_latest_update_script() { + # Check to see if the update scripts match. If not run the new one. 
+ CURRENTSOUP=$(md5sum /usr/sbin/soup) + GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) + if [ $CURRENTSOUP == $GITSOUP ]; then + echo "The scripts match" + else + echo "They don't match" + cp $UPDATE_DIR/salt/sommon/tools/sbin/soup /usr/sbin/soup + cp $UPDATE_DIR/salt/common/tools/sbin/soup $default_salt_dir/salt/common/tools/sbin/ + echo "soup has been updated. Please run soup again" + exit 0 + fi +} + +manager_check clone_to_tmp -cd /tmp/soup/securityonion-saltstack/update -chmod +x soup -./soup +verify_latest_update_script +upgrade_check +pillar_changes +clean_dockers +update_dockers +copy_new_files +highstate +update_version + + + + diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions deleted file mode 100644 index 3ab79df39..000000000 --- a/upgrade/so-update-functions +++ /dev/null 
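Review bot: `verify_latest_update_script` can never report a match and then cannot repair itself: `md5sum` prints the digest followed by the file name, so `$CURRENTSOUP` and `$GITSOUP` always differ (and, unquoted, the two-word values make `[` fail with "too many arguments"), while the copy that follows uses the misspelled path `$UPDATE_DIR/salt/sommon/tools/sbin/soup`, so /usr/sbin/soup is never replaced and every run ends with "Please run soup again". Compare only the digest field and fix the path: `CURRENTSOUP=$(md5sum /usr/sbin/soup | awk '{print $1}')`, `GITSOUP=$(md5sum "$UPDATE_DIR/salt/common/tools/sbin/soup" | awk '{print $1}')`, `cp "$UPDATE_DIR/salt/common/tools/sbin/soup" /usr/sbin/soup`. This equality check only detects drift between the installed and freshly cloned copies; it is not an integrity check on the clone, which `clone_to_tmp` pulls from the repository's default branch with no tag or commit pinned, so the update is only as trustworthy as that branch at clone time. In `update_dockers`, `docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION` names the source image without the `:$NEWVERSION` tag that was just pulled, so it resolves to `:latest`, which may not exist locally; the removed code tagged the full `$i` including its version, so this is a regression. `clone_to_tmp` also exits 0 when the clone failed, which makes a failed update look successful to anything driving soup.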
@@ -1,205 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -. /usr/sbin/so-common - -# Set the new SO Version -UPDATEVERSION=1.2.2 -BUILD=HH - -#Determine the current install version - -if [ -f /etc/soversion ]; then - OLDVERSION=$(cat /etc/soversion) -else - OLDVERSION=1.1.4 -fi - -# Use the hostname -HOSTNAME=$(hostname) - -# List all the containers -if [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng:$BUILD$UPDATEVERSION" \ - "so-thehive-cortex:$BUILD$UPDATEVERSION" \ - "so-curator:$BUILD$UPDATEVERSION" \ - "so-domainstats:$BUILD$UPDATEVERSION" \ - "so-elastalert:$BUILD$UPDATEVERSION" \ - "so-elasticsearch:$BUILD$UPDATEVERSION" \ - "so-filebeat:$BUILD$UPDATEVERSION" \ - "so-fleet:$BUILD$UPDATEVERSION" \ - "so-fleet-launcher:$BUILD$UPDATEVERSION" \ - "so-freqserver:$BUILD$UPDATEVERSION" \ - "so-grafana:$BUILD$UPDATEVERSION" \ - "so-idstools:$BUILD$UPDATEVERSION" \ - "so-influxdb:$BUILD$UPDATEVERSION" \ - "so-kibana:$BUILD$UPDATEVERSION" \ - "so-kratos:$BUILD$UPDATEVERSION" \ - "so-logstash:$BUILD$UPDATEVERSION" \ - "so-mysql:$BUILD$UPDATEVERSION" \ - "so-nginx:$BUILD$UPDATEVERSION" \ - "so-playbook:$BUILD$UPDATEVERSION" \ - "so-redis:$BUILD$UPDATEVERSION" \ - "so-soc:$BUILD$UPDATEVERSION" \ - "so-soctopus:$BUILD$UPDATEVERSION" \ - "so-steno:$BUILD$UPDATEVERSION" \ - 
"so-strelka:$BUILD$UPDATEVERSION" \ - "so-suricata:$BUILD$UPDATEVERSION" \ - "so-telegraf:$BUILD$UPDATEVERSION" \ - "so-thehive:$BUILD$UPDATEVERSION" \ - "so-thehive-es:$BUILD$UPDATEVERSION" \ - "so-wazuh:$BUILD$UPDATEVERSION" \ - "so-zeek:$BUILD$UPDATEVERSION" ) - else - TRUSTED_CONTAINERS=( \ - "so-filebeat:$BUILD$UPDATEVERSION" \ - "so-idstools:$BUILD$UPDATEVERSION" \ - "so-logstash:$BUILD$UPDATEVERSION" \ - "so-nginx:$BUILD$UPDATEVERSION" \ - "so-redis:$BUILD$UPDATEVERSION" \ - "so-steno:$BUILD$UPDATEVERSION" \ - "so-suricata:$BUILD$UPDATEVERSION" \ - "so-telegraf:$BUILD$UPDATEVERSION" \ - "so-zeek:$BUILD$UPDATEVERSION" ) - fi - - -clone_to_tmp() { - - # TODO Need to add a air gap option - # Make a temp location for the files - mkdir /tmp/sogh - cd /tmp/sogh - #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - cd /tmp - -} - -copy_new_files() { - - # Copy new files over to the salt dir - cd /tmp/sogh/securityonion-saltstack - rsync -a --exclude-from 'exclude-list.txt' salt $default_salt_dir/ - chown -R socore:socore $default_salt_dir/salt - chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh - cd /tmp -} - -detect_os() { - - # Detect Base OS - echo "Detecting Base OS" >> $UPDATELOG 2>&1 - if [ -f /etc/redhat-release ]; then - OS=centos - if grep -q "CentOS Linux release 7" /etc/redhat-release; then - OSVER=7 - elif grep -q "CentOS Linux release 8" /etc/redhat-release; then - OSVER=8 - echo "We currently do not support CentOS $OSVER but we are working on it!" 
- exit - else - echo "We do not support the version of CentOS you are trying to use" - exit - fi - - elif [ -f /etc/os-release ]; then - OS=ubuntu - if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then - OSVER=bionic - elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then - OSVER=xenial - else - echo "We do not support your current version of Ubuntu" - exit - fi - else - echo "We were unable to determine if you are using a supported OS." >> $UPDATELOG 2>&1 - exit - fi - - echo "Found OS: $OS $OSVER" >> $UPDATELOG 2>&1 - -} - -manager_check() { - # Check to see if this is a manager - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then - echo "This is a manager. We can proceed" - else - echo "Please run soup on the manager. The manager controls all updates." - exit -} - -salt_highstate() { - - salt-call state.highstate - -} - -update_held_packages() { - - if [ $OS == "centos" ] - SALTVER=2019.2.4 - DOCKERVER= - yum -y --disableexcludes=all update salt-$SALTVER - yum -y --disableexcludes=all update docker-ce-$DOCKERVER - else - SALTVER=2019.2.4+ds-1 - DOCKERVER=5:19.03.8~3-0~ubuntu-xenial - fi - -} - -update_all_packages() { - - # Update all the things based on OS - if [ $OS == "centos" ]; then - yum -y update - else - apt -y update && apt -y upgrade - fi - -} - -update_docker_containers() { - - # Download the containers from the interwebs - for i in "${TRUSTED_CONTAINERS[@]}" - do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i - done - - for i in "${TRUSTED_CONTAINERS[@]}" - do - echo "Removing $i locally" - docker rmi $IMAGEREPO/$i - done - -} - -update_hh_version() { - # Change the version number in the 
static pillar - -} diff --git a/upgrade/soup b/upgrade/soup deleted file mode 100644 index 068782f04..000000000 --- a/upgrade/soup +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -SCRIPTDIR=$(dirname "$0") -source $SCRIPTDIR/so-update-functions - -# Update Packages -manager_check -update_all_packages -update_held_packages - - -