diff --git a/pillar/salt/master.sls b/pillar/salt/master.sls
index a34a96b9e..531f0ddb4 100644
--- a/pillar/salt/master.sls
+++ b/pillar/salt/master.sls
@@ -1,4 +1,4 @@
 #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
 salt:
   master:
-    version: 3001
\ No newline at end of file
+    version: 3001.1
\ No newline at end of file
diff --git a/pillar/salt/minion.sls b/pillar/salt/minion.sls
index 4978a4a73..6abec03f5 100644
--- a/pillar/salt/minion.sls
+++ b/pillar/salt/minion.sls
@@ -1,4 +1,4 @@
 #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
 salt:
   minion:
-    version: 3001
\ No newline at end of file
+    version: 3001.1
\ No newline at end of file
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index ca4bc518b..280a9abb1 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -20,6 +20,7 @@ UPDATE_DIR=/tmp/sogh/securityonion
 INSTALLEDVERSION=$(cat /etc/soversion)
 INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
 default_salt_dir=/opt/so/saltstack/default
+SOUP_BRANCH=$1
 
 manager_check() {
   # Check to see if this is a manager
@@ -44,11 +45,11 @@ clone_to_tmp() {
   # Make a temp location for the files
   mkdir -p /tmp/sogh
   cd /tmp/sogh
-  SOUP_BRANCH=""
-  if [ -n "$BRANCH" ]; then
-    SOUP_BRANCH="-b $BRANCH"
+  if [ -n "$SOUP_BRANCH" ]; then
+    git clone -b $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
+  else
+    git clone https://github.com/Security-Onion-Solutions/securityonion.git
   fi
-  git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
   cd /tmp
   if [ ! -f $UPDATE_DIR/VERSION ]; then
     echo "Update was unable to pull from github. Please check your internet."
@@ -151,7 +152,12 @@ update_version() {
 
 upgrade_check() {
     # Let's make sure we actually need to update.
-    NEWVERSION=$(cat $UPDATE_DIR/VERSION)
+    if [ -n "$SOUP_BRANCH" ]; then
+      NEWVERSION="$SOUP_BRANCH"
+    else
+      NEWVERSION=$(cat $UPDATE_DIR/VERSION)
+    fi
+    
     if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
       echo "You are already running the latest version of Security Onion."
       exit 0
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index d76ebcb57..a382a4ed2 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -253,7 +253,7 @@ fbcertdir:
     - name: /opt/so/conf/filebeat/etc/pki
     - makedirs: True
 
-/etc/pki/filebeat.key:
+/opt/so/conf/filebeat/etc/pki/filebeat.key:
   x509.private_key_managed:
     - CN: {{ manager }}
     - bits: 4096
@@ -261,9 +261,9 @@ fbcertdir:
     - days_valid: 820
     - backup: True
     - new: True
-    {% if salt['file.file_exists']('/etc/pki/filebeat.key') -%}
+    {% if salt['file.file_exists']('/opt/so/conf/filebeat/etc/pki/filebeat.key') -%}
     - prereq:
-      - x509: /etc/pki/filebeat.crt
+      - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt
     {%- endif %}
 
 # Request a cert and drop it where it needs to go to be distributed