diff --git a/pillar/top.sls b/pillar/top.sls
index ffa99de59..77e0c1672 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -27,3 +27,7 @@ base:
     - nodes.{{ grains.id }}
     - static
     - firewall.*
+
+  'G@role:so-helix':
+    - fireeye
+    - static
diff --git a/setup/functions.sh b/setup/functions.sh
index ff546ea31..8ae3a28c1 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -476,6 +476,17 @@ filter_unused_nics() {
   FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
 }
 
+fireeye_pillar() {
+
+  FIREEYEPILLARPATH=$TMP/pillar/fireeye
+
+  echo "" >> $FIREEYEPILLARPATH/init.sls
+  echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls
+  echo "  helix:" >> $FIREEYEPILLARPATH/init.sls
+  echo "    api_key: $HELIXAPIKEY" >> $FIREEYEPILLARPATH/init.sls
+
+}
+
 generate_passwords(){
   # Generate Random Passwords for Things
   MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
diff --git a/setup/so-setup.sh b/setup/so-setup.sh
index eb2d54117..142bab9e0 100644
--- a/setup/so-setup.sh
+++ b/setup/so-setup.sh
@@ -193,6 +193,8 @@ if (whiptail_you_sure) ; then
       master_pillar >> $SETUPLOG 2>&1
       echo "** Generating the patch pillar **" >> $SETUPLOG
       patch_pillar >> $SETUPLOG 2>&1
+      echo "** Generating the FireEye pillar **" >> $SETUPLOG
+      fireeye_pillar >> $SETUPLOG 2>&1
       echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
       copy_minion_tmp_files >> $SETUPLOG 2>&1
       # Do a checkin to push the key up