diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 1d57aff6..b1fec61b 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -15,8 +15,9 @@ wazuh_agent_authd:
   ssl_agent_cert: null
   ssl_agent_key: null
   ssl_auto_negotiate: 'no'
-wazuh_notify_time: null
-wazuh_time_reconnect: null
+wazuh_notify_time: '10'
+wazuh_time_reconnect: '60'
+wazuh_crypto_method: 'aes'
 wazuh_winagent_config:
   install_dir: 'C:\wazuh-agent\'
   version: '3.7.0'
@@ -24,16 +25,26 @@ wazuh_winagent_config:
   repo: https://packages.wazuh.com/3.x/windows/
   md5: 43936e7bc7eb51bd186f47dac4a6f477
 wazuh_agent_config:
-  active_response_disabled: 'no'
+  active_response:
+     ar_disabled: 'no'
+     ca_store: '/var/ossec/etc/wpk_root.pem'
+     ca_verification: 'yes'
   log_format: 'plain'
+  client_buffer:
+    disable: 'no'
+    queue_size: '5000'
+    events_per_sec: '500'
   syscheck:
     frequency: 43200
     scan_on_start: 'yes'
     auto_ignore: 'no'
     alert_new_files: 'yes'
+    remove_old_diff: 'yes'
+    restart_audit: 'yes'
+    skip_nfs: 'yes'
     ignore:
       - /etc/mtab
-      - /etc/mnttab
+      #- /etc/mnttab
       - /etc/hosts.deny
       - /etc/mail/statistics
       - /etc/random-seed
@@ -45,6 +56,8 @@ wazuh_agent_config:
       - /etc/cups/certs
       - /etc/dumpdates
       - /etc/svc/volatile
+      - /sys/kernel/security
+      - /sys/kernel/debug
     no_diff:
       - /etc/ssl/private.key
     directories:
@@ -59,12 +72,28 @@ wazuh_agent_config:
   rootcheck:
     frequency: 43200
   openscap:
-    disable: 'yes'
+    disable: 'no'
     timeout: 1800
     interval: '1d'
     scan_on_start: 'yes'
-  cis_cat:
+  osquery:
     disable: 'yes'
+    run_daemon: 'yes'
+    log_path: '/var/log/osquery/osqueryd.results.log'
+    config_path: '/etc/osquery/osquery.conf'
+    ad_labels: 'yes'
+  syscollector:
+    disable: 'no'
+    interval: '1h'
+    scan_on_start: 'yes'
+    hardware: 'yes'
+    os: 'yes'
+    network: 'yes'
+    packages: 'yes'
+    ports_no: 'yes'
+    processes: 'yes'
+  cis_cat:
+    disable: 'no'
     install_java: 'yes'
     timeout: 1800
     interval: '1d'
@@ -74,7 +103,7 @@ wazuh_agent_config:
     content:
       - type: 'xccdf'
         path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
-        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
+        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'  
   vuls:
     disable: 'yes'
     interval: '1d'
@@ -87,16 +116,21 @@ wazuh_agent_config:
       - 'autoupdate'
   localfiles:
     - format: 'syslog'
-      location: '/var/log/messages'
+      location: '/var/ossec/logs/active-responses.log'
     - format: 'syslog'
-      location: '/var/log/secure'
+      location: '/var/log/auth.log'
     - format: 'syslog'
-      location: 'var/log/auth.log'
+      location: '/var/log/syslog'
+    - format: 'syslog'
+      location: '/var/log/dpkg.log'
+    - format: 'syslog'
+      location: '/var/log/kern.log'
     - format: 'command'
       command: 'df -P'
       frequency: '360'
     - format: 'full_command'
-      command: 'netstat -tln | grep -v 127.0.0.1 | sort'
+      command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+      alias: 'netstat listening ports'      
       frequency: '360'
     - format: 'full_command'
       command: 'last -n 20'
diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index f0d1c18b..6899c5ca 100644
--- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -29,14 +29,22 @@
     <time-reconnect>{{ wazuh_time_reconnect }}</time-reconnect>
     {% endif %}
     <auto_restart>{{ wazuh_auto_restart }}</auto_restart>
+    <crypto_method>{{ wazuh_crypto_method }}</crypto_method>
   </client>
-
+  <client_buffer>
+    <!-- Agent buffer options -->
+    <disabled>{{ wazuh_agent_config.client_buffer.disable }}</disabled>
+    <queue_size>{{ wazuh_agent_config.client_buffer.queue_size }}</queue_size>
+    <events_per_second>{{ wazuh_agent_config.client_buffer.events_per_sec }}</events_per_second>
+  </client_buffer>
   <logging>
     <log_format>{{ wazuh_agent_config.log_format }}</log_format>
   </logging>
 
   <active-response>
-    <disabled>{{ wazuh_agent_config.active_response_disabled|default('no') }}</disabled>
+    <disabled>{{ wazuh_agent_config.active_response.ar|default('no') }}</disabled>
+    <ca_store>{{ wazuh_agent_config.active_response.ca_store }}</ca_store>
+    <ca_verification>{{ wazuh_agent_config.active_response.ca_verification }}</ca_verification>
   </active-response>
 
   {% if wazuh_agent_config.rootcheck is defined %}
@@ -74,15 +82,18 @@
   </rootcheck>
   {% endif %}
 
+  <!-- Directories to check  (perform all possible verifications) -->
   {% if wazuh_agent_config.syscheck is defined %}
   <syscheck>
     <disabled>no</disabled>
     {% if ansible_system == "Linux" %}
-    <directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories>
+    #<directories check_all="yes" realtime="yes" restrict="^/var/ossec/etc/shared/agent.conf$">/var/ossec/etc/shared</directories>
+    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
+    <directories check_all="yes">/bin,/sbin,/boot</directories>
     {% endif %}
 
     <auto_ignore>{{ wazuh_agent_config.syscheck.auto_ignore }}</auto_ignore>
-    <alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files>
+    #<alert_new_files>{{ wazuh_agent_config.syscheck.alert_new_files }}</alert_new_files>
     <!-- Frequency that syscheck is executed -- default every 20 hours -->
     <frequency>{{ wazuh_agent_config.syscheck.frequency }}</frequency>
     <scan_on_start>{{ wazuh_agent_config.syscheck.scan_on_start }}</scan_on_start>
@@ -105,7 +116,14 @@
     {% for no_diff in wazuh_agent_config.syscheck.no_diff %}
     <nodiff>{{ no_diff }}</nodiff>
     {% endfor %}
+    
+    <skip_nfs>{{ wazuh_agent_config.syscheck.skip_nfs }}</skip_nfs>
+    <!-- Remove not monitored files -->
+    <remove_old_diff>{{ wazuh_agent_config.syscheck.remove_old_diff }}</remove_old_diff>
 
+    <!-- Allow the system to restart Auditd after installing the plugin -->
+    <restart_audit>{{ wazuh_agent_config.syscheck.restart_audit }}</restart_audit>
+ 
     {% if ansible_os_family == "Windows" %}
     {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
     {% if registry_key.arch is defined %}
@@ -191,6 +209,30 @@
   </wodle>
   {% endif %}
 
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>{{ wazuh_agent_config.osquery.disable }}</disabled>
+    <run_daemon>{{ wazuh_agent_config.osquery.run_daemon }}</run_daemon>
+    <log_path>{{ wazuh_agent_config.osquery.log_path }}</log_path>
+    <config_path>{{ wazuh_agent_config.osquery.config_path }}</config_path>
+    <add_labels>{{ wazuh_agent_config.osquery.ad_labels }}</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>{{ wazuh_agent_config.syscollector.disable }}</disabled>
+    <interval>{{ wazuh_agent_config.syscollector.interval }}</interval>
+    <scan_on_start>{{ wazuh_agent_config.syscollector.scan_on_start }}</scan_on_start>
+    <hardware>{{ wazuh_agent_config.syscollector.hardware }}</hardware>
+    <os>{{ wazuh_agent_config.syscollector.os }}</os>
+    <network>{{ wazuh_agent_config.syscollector.network }}</network>
+    <packages>{{ wazuh_agent_config.syscollector.packages }}</packages>
+    <ports all="no">{{ wazuh_agent_config.syscollector.ports_no }}</ports>
+    <processes>{{ wazuh_agent_config.syscollector.processes }}</processes>
+  </wodle>
+
+
+
   {% if ansible_system == "Linux" and wazuh_agent_config.vuls.disable == 'no' %}
   <wodle name="command">
     <disabled>no</disabled>
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 4d9cd709..1d91d460 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -41,6 +41,7 @@ wazuh_manager_config:
     - type: 'secure'
       port: '1514'
       protocol: 'udp'
+      queue_size: 131072
   authd:
     enable: true
     port: 1515
@@ -59,6 +60,8 @@ wazuh_manager_config:
     - 'admin@example.net'
   mail_smtp_server: localhost
   mail_from: wazuh-server@example.com
+  mail_maxperhour: 12
+  mail_queue_size: 131072
   extra_emails:
     - enable: false
       mail_to: 'admin@example.net'
@@ -82,13 +85,13 @@ wazuh_manager_config:
       user: null
       showlogs: null
   syscheck:
+    disable: 'no'
     frequency: 43200
     scan_on_start: 'yes'
     auto_ignore: 'no'
     alert_new_files: 'yes'
     ignore:
       - /etc/mtab
-      - /etc/mnttab
       - /etc/hosts.deny
       - /etc/mail/statistics
       - /etc/random-seed
@@ -100,13 +103,22 @@ wazuh_manager_config:
       - /etc/cups/certs
       - /etc/dumpdates
       - /etc/svc/volatile
+      - /sys/kernel/security
+      - /sys/kernel/debug
     no_diff:
       - /etc/ssl/private.key
     directories:
       - dirs: /etc,/usr/bin,/usr/sbin
         checks: 'check_all="yes"'
-      - dirs: /bin,/sbin
+      - dirs: /bin,/sbin,/boot
         checks: 'check_all="yes"'
+    auto_ignore_frequency:
+      frequency: 'frequency="10"'
+      timeframe: 'timeframe="3600"'
+      value: 'no'
+    skip_nfs: 'yes'
+    remove_old_diff: 'yes'
+    restart_audit: 'yes'
   rootcheck:
     frequency: 43200
   openscap:
@@ -121,11 +133,41 @@ wazuh_manager_config:
     interval: '1d'
     scan_on_start: 'yes'
     java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
-    ciscat_path: '/var/ossec/wodles/ciscat'
+    ciscat_path: 'wodles/ciscat'
     content:
       - type: 'xccdf'
         path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
         profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
+  osquery:
+    disable: 'yes'
+    run_daemon: 'yes'
+    log_path: '/var/log/osquery/osqueryd.results.log'
+    config_path: '/etc/osquery/osquery.conf'
+    ad_labels: 'yes'
+  syscollector:
+    disable: 'no'
+    interval: '1h'
+    scan_on_start: 'yes'
+    hardware: 'yes'
+    os: 'yes'
+    network: 'yes'
+    packages: 'yes'
+    ports_no: 'yes'
+    processes: 'yes'
+  vul_detector:
+    disable: 'yes'
+    interval: '5m'
+    ignore_time: '6h'
+    run_on_start: 'yes'
+    ubuntu:
+      disable: 'yes'
+      update_interval: '1h'
+    redhat:
+      disable: 'yes'
+      update_interval: '1h'
+    debian:
+      disable: 'yes'
+      update_interval: '1h'
   vuls:
     disable: 'yes'
     interval: '1d'
@@ -139,21 +181,26 @@ wazuh_manager_config:
   log_level: 1
   email_level: 12
   localfiles:
-    - format: 'syslog'
-      location: '/var/log/auth.log'
-    - format: 'syslog'
-      location: '/var/log/messages'
-    - format: 'syslog'
-      location: '/var/log/secure'
     - format: 'command'
       command: 'df -P'
       frequency: '360'
     - format: 'full_command'
-      command: 'netstat -tln | grep -v 127.0.0.1 | sort'
+      command: netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+      alias: 'netstat listening ports'
       frequency: '360'
     - format: 'full_command'
       command: 'last -n 20'
       frequency: '360'
+    - format: 'syslog'
+      location: '/var/ossec/logs/active-responses.log'
+    - format: 'syslog'
+      location: '/var/log/auth.log'
+    - format: 'syslog'
+      location: '/var/log/syslog'
+    - format: 'syslog'
+      location: '/var/log/dpkg.log'
+    - format: 'syslog'
+      location: '/var/log/kern.log'
   globals:
     - '127.0.0.1'
     - '192.168.2.1'
@@ -186,6 +233,14 @@ wazuh_manager_config:
       executable: 'route-null.cmd'
       expect: 'srcip'
       timeout_allowed: 'yes'
+    - name: 'netsh'
+      executable: 'netsh.cmd'
+      expect: 'srcip'
+      timeout_allowed: 'yes'
+    - name: 'netsh-win-2016'
+      executable: 'netsh-win-2016.cmd'
+      expect: 'srcip'
+      timeout_allowed: 'yes'
   ruleset:
       rules_path: 'custom_ruleset/rules/'
       decoders_path: 'custom_ruleset/decoders/'
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 0f37b560..b20d8f9a 100644
--- a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -21,47 +21,14 @@
     {% endfor %}
     <smtp_server>{{ wazuh_manager_config.mail_smtp_server }}</smtp_server>
     <email_from>{{ wazuh_manager_config.mail_from }}</email_from>
+    <email_maxperhour>{{ wazuh_manager_config.mail_maxperhour }}</email_maxperhour>
+    <queue_size>{{ wazuh_manager_config.mail_queue_size }}</queue_size>
   </global>
 
-  <cluster>
-    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
-    <name>{{ wazuh_manager_config.cluster.name }}</name>
-    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
-    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
-    <key>{{ wazuh_manager_config.cluster.key }}</key>
-    {% if wazuh_manager_config.cluster.interval is defined %}
-    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>
-    {% endif %}
-    <port>{{ wazuh_manager_config.cluster.port }}</port>
-    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
-    <nodes>
-    {% for node in wazuh_manager_config.cluster.nodes %}
-      <node>{{ node }}</node>
-    {% endfor %}
-    </nodes>
-    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
-  </cluster>
-
-  <logging>
-    <log_format>{{ wazuh_manager_config.log_format }}</log_format>
-  </logging>
-
-{% if wazuh_manager_config.authd.enable == true %}
-  <auth>
-    <disabled>no</disabled>
-    {% if wazuh_manager_config.authd.port is not none %}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}
-    {% if wazuh_manager_config.authd.use_source_ip is not none %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}
-    {% if wazuh_manager_config.authd.force_insert is not none %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}
-    {% if wazuh_manager_config.authd.force_time is not none %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}
-    {% if wazuh_manager_config.authd.purge is not none %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}
-    {% if wazuh_manager_config.authd.use_password is not none %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}
-    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}
-    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}
-    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}
-    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}
-    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}
-  </auth>
-{% endif %}
+  <alerts>
+    <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
+    <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
+  </alerts>
 
 {% if wazuh_manager_config.extra_emails is defined %}
 {% for mail in wazuh_manager_config.extra_emails %}
@@ -94,6 +61,32 @@
 {% endfor %}
 {% endif %}
 
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>{{ wazuh_manager_config.log_format }}</log_format>
+  </logging>
+
+   <remote>
+  {% for connection in wazuh_manager_config.connection %}
+    <connection>{{ connection.type }}</connection>
+    {% if connection.port is defined %}<port>{{ connection.port }}</port>{% endif %}
+    {% if connection.protocol is defined %}<protocol>{{ connection.protocol }}</protocol>{% endif %}
+    {% if connection.allowed_ips is defined %}
+    {% for allowed_ip in connection.allowed_ips %}
+    <allowed-ips>{{ allowed_ip }}</allowed-ips>
+    {% endfor %}
+    {% endif %}
+    {% if connection.denied_ips is defined %}
+    {% for denied_ip in connection.denied_ips %}
+    <denied-ips>{{ denied_ip }}</denied-ips>
+    {% endfor %}
+    {% endif %}
+    {% if connection.local_ip is defined %}<local_ip>{{ connection.local_ip }}</local_ip>{% endif %}
+    {% if connection.ipv6 is defined %}<ipv6>{{ connection.ipv6 }}</ipv6>{% endif %}
+        {% if connection.queue_size is defined %}<queue_size>{{connection.queue_size}}</queue_size>{% endif %}
+  {% endfor %}
+  </remote>
+
 {% if wazuh_manager_config.reports is defined %}
 {% for report in wazuh_manager_config.reports %}
 {% if report.enable == true %}
@@ -113,32 +106,8 @@
 {% endfor %}
 {% endif %}
 
-  <alerts>
-    <log_alert_level>{{ wazuh_manager_config.log_level }}</log_alert_level>
-    <email_alert_level>{{ wazuh_manager_config.email_level }}</email_alert_level>
-  </alerts>
-
-  <remote>
-  {% for connection in wazuh_manager_config.connection %}
-    <connection>{{ connection.type }}</connection>
-    {% if connection.port is defined %}<port>{{ connection.port }}</port>{% endif %}
-    {% if connection.protocol is defined %}<protocol>{{ connection.protocol }}</protocol>{% endif %}
-    {% if connection.allowed_ips is defined %}
-    {% for allowed_ip in connection.allowed_ips %}
-    <allowed-ips>{{ allowed_ip }}</allowed-ips>
-    {% endfor %}
-    {% endif %}
-    {% if connection.denied_ips is defined %}
-    {% for denied_ip in connection.denied_ips %}
-    <denied-ips>{{ denied_ip }}</denied-ips>
-    {% endfor %}
-    {% endif %}
-    {% if connection.local_ip is defined %}<local_ip>{{ connection.local_ip }}</local_ip>{% endif %}
-    {% if connection.ipv6 is defined %}<ipv6>{{ connection.ipv6 }}</ipv6>{% endif %}
-    {% if connection.queue_size is defined %}<queue_size>{{ connection.queue_size }}</queue_size>{% endif %}
-  {% endfor %}
-  </remote>
 
+  <!-- Policy monitoring -->
   <rootcheck>
     <disabled>no</disabled>
     <check_unixaudit>yes</check_unixaudit>
@@ -164,34 +133,7 @@
     <skip_nfs>yes</skip_nfs>
   </rootcheck>
 
-  <syscheck>
-    <auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
-    <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
-    <!-- Frequency that syscheck is executed -- default every 20 hours -->
-    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
-    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    {% if wazuh_manager_config.syscheck.directories is defined %}
-    {% for directory in wazuh_manager_config.syscheck.directories %}
-    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
-    {% endfor %}
-    {% endif %}
-
-    <!-- Files/directories to ignore -->
-    {% if wazuh_manager_config.syscheck.ignore is defined %}
-    {% for ignore in wazuh_manager_config.syscheck.ignore %}
-    <ignore>{{ ignore }}</ignore>
-    {% endfor %}
-    {% endif %}
-
-    <!-- Files no diff -->
-    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
-    <nodiff>{{ no_diff }}</nodiff>
-    {% endfor %}
-  </syscheck>
-
-  {% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
+    {% if ansible_system == "Linux" and wazuh_manager_config.openscap.disable == 'no' %}
   <wodle name="open-scap">
     <disabled>no</disabled>
     <timeout>{{ wazuh_manager_config.openscap.timeout }}</timeout>
@@ -244,14 +186,13 @@
   </wodle>
   {% endif %}
 
-  {% if wazuh_manager_config.cis_cat.disable == 'no' %}
   <wodle name="cis-cat">
-    <disabled>no</disabled>
+    <disabled>{{ wazuh_manager_config.cis_cat.disable}}</disabled>
     <timeout>{{ wazuh_manager_config.cis_cat.timeout }}</timeout>
     <interval>{{ wazuh_manager_config.cis_cat.interval }}</interval>
     <scan-on-start>{{ wazuh_manager_config.cis_cat.scan_on_start }}</scan-on-start>
     {% if wazuh_manager_config.cis_cat.install_java == 'yes' %}
-    <java_path>/usr/bin</java_path>
+    <java_path>wodles/java</java_path>
     {% else %}
     <java_path>{{ wazuh_manager_config.cis_cat.java_path }}</java_path>
     {% endif %}
@@ -262,7 +203,173 @@
     </content>
     {% endfor %}
   </wodle>
-  {% endif %}
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>{{ wazuh_manager_config.osquery.disable }}</disabled>
+    <run_daemon>{{ wazuh_manager_config.osquery.run_daemon }}</run_daemon>
+    <log_path>{{ wazuh_manager_config.osquery.log_path }}</log_path>
+    <config_path>{{ wazuh_manager_config.osquery.config_path }}</config_path>
+    <add_labels>{{ wazuh_manager_config.osquery.ad_labels }}</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>{{ wazuh_manager_config.syscollector.disable }}</disabled>
+    <interval>{{ wazuh_manager_config.syscollector.interval }}</interval>
+    <scan_on_start>{{ wazuh_manager_config.syscollector.scan_on_start }}</scan_on_start>
+    <hardware>{{ wazuh_manager_config.syscollector.hardware }}</hardware>
+    <os>{{ wazuh_manager_config.syscollector.os }}</os>
+    <network>{{ wazuh_manager_config.syscollector.network }}</network>
+    <packages>{{ wazuh_manager_config.syscollector.packages }}</packages>
+    <ports all="no">{{ wazuh_manager_config.syscollector.ports_no }}</ports>
+    <processes>{{ wazuh_manager_config.syscollector.processes }}</processes>
+  </wodle>
+
+  <wodle name="vulnerability-detector">
+    <disabled>{{ wazuh_manager_config.vul_detector.disable }}</disabled>
+    <interval>{{ wazuh_manager_config.vul_detector.interval }}</interval>
+    <ignore_time>{{ wazuh_manager_config.vul_detector.ignore_time }}</ignore_time>
+    <run_on_start>{{ wazuh_manager_config.vul_detector.run_on_start }}</run_on_start>
+    <feed name="ubuntu-18">
+      <disabled>{{ wazuh_manager_config.vul_detector.ubuntu.disable }}</disabled>
+      <update_interval>{{ wazuh_manager_config.vul_detector.ubuntu.update_interval }}</update_interval>
+    </feed>
+    <feed name="redhat-7">
+      <disabled>{{ wazuh_manager_config.vul_detector.redhat.disable }}</disabled>
+      <update_interval>{{ wazuh_manager_config.vul_detector.redhat.update_interval }}</update_interval>
+    </feed>
+    <feed name="debian-9">
+      <disabled>{{ wazuh_manager_config.vul_detector.debian.disable }}</disabled>
+      <update_interval>{{ wazuh_manager_config.vul_detector.debian.update_interval }}</update_interval>
+    </feed>
+  </wodle>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>{{ wazuh_manager_config.syscheck.disable }}</disabled>
+    <auto_ignore>{{ wazuh_manager_config.syscheck.auto_ignore }}</auto_ignore>
+    <alert_new_files>{{ wazuh_manager_config.syscheck.alert_new_files }}</alert_new_files>
+    <!-- Frequency that syscheck is executed -- default every 20 hours -->
+    <frequency>{{ wazuh_manager_config.syscheck.frequency }}</frequency>
+    <scan_on_start>{{ wazuh_manager_config.syscheck.scan_on_start }}</scan_on_start>
+
+    <!-- Don't ignore files that change more than 'frequency' times -->
+    {% if wazuh_manager_config.syscheck.auto_ignore_frequency is defined %}
+    <auto_ignore {{ wazuh_manager_config.syscheck.auto_ignore_frequency.frequency }} {{ wazuh_manager_config.syscheck.auto_ignore_frequency.timeframe }}>{{wazuh_manager_config.syscheck.auto_ignore_frequency.value }}</auto_ignore>
+    {% endif %}
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    {% if wazuh_manager_config.syscheck.directories is defined %}
+    {% for directory in wazuh_manager_config.syscheck.directories %}
+    <directories {{ directory.checks }}>{{ directory.dirs }}</directories>
+    {% endfor %}
+    {% endif %}
+
+    <!-- Files/directories to ignore -->
+    {% if wazuh_manager_config.syscheck.ignore is defined %}
+    {% for ignore in wazuh_manager_config.syscheck.ignore %}
+    <ignore>{{ ignore }}</ignore>
+    {% endfor %}
+    {% endif %}
+
+    <!-- Files no diff -->
+    {% for no_diff in wazuh_manager_config.syscheck.no_diff %}
+    <nodiff>{{ no_diff }}</nodiff>
+    {% endfor %}
+
+    {% if wazuh_manager_config.syscheck.skip_nfs is defined %}
+    <skip_nfs>{{ wazuh_manager_config.syscheck.skip_nfs }}</skip_nfs>
+    {% endif %}
+
+    <!-- Remove not monitored files -->
+    {% if wazuh_manager_config.syscheck.remove_old_diff is defined %}
+    <remove_old_diff>{{ wazuh_manager_config.syscheck.remove_old_diff }}</remove_old_diff>
+    {% endif %}
+
+    <!-- Allow the system to restart Auditd after installing the plugin -->
+    {% if wazuh_manager_config.syscheck.restart_audit is defined %}
+    <restart_audit>{{ wazuh_manager_config.syscheck.restart_audit }}</restart_audit>
+    {% endif %}
+  </syscheck>
+
+  <global>
+{% for white_list in wazuh_manager_config.globals %}
+    <white_list>{{ white_list }}</white_list>
+{% endfor %}
+  </global>
+
+  {% for command in wazuh_manager_config.commands %}
+    <command>
+      <name>{{ command.name }}</name>
+      <executable>{{ command.executable }}</executable>
+      <expect>{{ command.expect }}</expect>
+      <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
+    </command>
+  {% endfor %}
+
+  <!--
+  <active-response>
+    active-response options here
+  </active-response>
+  -->
+
+   <ruleset>
+    <!-- Default ruleset -->
+    <decoder_dir>ruleset/decoders</decoder_dir>
+    <rule_dir>ruleset/rules</rule_dir>
+    {% if wazuh_manager_config.rule_exclude is defined %}
+    {% for rule in wazuh_manager_config.rule_exclude %}
+    <rule_exclude>{{ rule }}</rule_exclude>
+    {% endfor %}
+    {% endif %}
+    {% if cdb_lists is defined %}
+    {% for list in cdb_lists %}
+    <list>etc/lists/{{ list.name }}</list>
+    {% endfor %}
+    {% endif %}
+
+    <!-- User-defined ruleset -->
+    <decoder_dir>etc/decoders</decoder_dir>
+    <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+{% if wazuh_manager_config.authd.enable == true %}
+  <auth>
+    <disabled>no</disabled>
+    {% if wazuh_manager_config.authd.port is not none %}<port>{{wazuh_manager_config.authd.port}}</port>{% else %}<port>1515</port>{% endif %}
+    {% if wazuh_manager_config.authd.use_source_ip is not none %}<use_source_ip>{{wazuh_manager_config.authd.use_source_ip}}</use_source_ip>{% endif %}
+    {% if wazuh_manager_config.authd.force_insert is not none %}<force_insert>{{wazuh_manager_config.authd.force_insert}}</force_insert>{% endif %}
+    {% if wazuh_manager_config.authd.force_time is not none %}<force_time>{{wazuh_manager_config.authd.force_time}}</force_time>{% endif %}
+    {% if wazuh_manager_config.authd.purge is not none %}<purge>{{wazuh_manager_config.authd.purge}}</purge>{% endif %}
+    {% if wazuh_manager_config.authd.use_password is not none %}<use_password>{{wazuh_manager_config.authd.use_password}}</use_password>{% endif %}
+    {% if wazuh_manager_config.authd.ssl_agent_ca is not none %}<ssl_agent_ca>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_agent_ca | basename}}</ssl_agent_ca>{% endif %}
+    {% if wazuh_manager_config.authd.ssl_verify_host is not none %}<ssl_verify_host>{{wazuh_manager_config.authd.ssl_verify_host}}</ssl_verify_host>{% endif %}
+    {% if wazuh_manager_config.authd.ssl_manager_cert is not none %}<ssl_manager_cert>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_cert | basename}}</ssl_manager_cert>{% endif %}
+    {% if wazuh_manager_config.authd.ssl_manager_key is not none %}<ssl_manager_key>/var/ossec/etc/{{wazuh_manager_config.authd.ssl_manager_key | basename}}</ssl_manager_key>{% endif %}
+    {% if wazuh_manager_config.authd.ssl_auto_negotiate is not none %}<ssl_auto_negotiate>{{wazuh_manager_config.authd.ssl_auto_negotiate}}</ssl_auto_negotiate>{% endif %}
+  </auth>
+{% endif %}
+
+
+  <cluster>
+    <disabled>{{ wazuh_manager_config.cluster.disable }}</disabled>
+    <name>{{ wazuh_manager_config.cluster.name }}</name>
+    <node_name>{{ wazuh_manager_config.cluster.node_name }}</node_name>
+    <node_type>{{ wazuh_manager_config.cluster.node_type }}</node_type>
+    <key>{{ wazuh_manager_config.cluster.key }}</key>
+    {% if wazuh_manager_config.cluster.interval is defined %}
+    <interval>{{ wazuh_manager_config.cluster.interval }}</interval>
+    {% endif %}
+    <port>{{ wazuh_manager_config.cluster.port }}</port>
+    <bind_addr>{{ wazuh_manager_config.cluster.bind_addr }}</bind_addr>
+    <nodes>
+    {% for node in wazuh_manager_config.cluster.nodes %}
+      <node>{{ node }}</node>
+    {% endfor %}
+    </nodes>
+    <hidden>{{ wazuh_manager_config.cluster.hidden }}</hidden>
+  </cluster>
 
   {% if ansible_system == "Linux" and wazuh_manager_config.vuls.disable == 'no' %}
   <wodle name="command">
@@ -290,41 +397,6 @@
 {% endfor %}
 {% endif %}
 
-  <global>
-{% for white_list in wazuh_manager_config.globals %}
-    <white_list>{{ white_list }}</white_list>
-{% endfor %}
-  </global>
-
-  {% for command in wazuh_manager_config.commands %}
-    <command>
-      <name>{{ command.name }}</name>
-      <executable>{{ command.executable }}</executable>
-      <expect>{{ command.expect }}</expect>
-      <timeout_allowed>{{ command.timeout_allowed }}</timeout_allowed>
-    </command>
-  {% endfor %}
-
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    {% if wazuh_manager_config.rule_exclude is defined %}
-    {% for rule in wazuh_manager_config.rule_exclude %}
-    <rule_exclude>{{ rule }}</rule_exclude>
-    {% endfor %}
-    {% endif %}
-    {% if cdb_lists is defined %}
-    {% for list in cdb_lists %}
-    <list>etc/lists/{{ list.name }}</list>
-    {% endfor %}
-    {% endif %}
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
 
   <!-- Active Response Config -->
 {% for response in wazuh_manager_config.active_responses %}
diff --git a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
index 4dd651c5..851e24a1 100644
--- a/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
+++ b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
@@ -7,3 +7,17 @@ cdb_lists:
       audit-wazuh-a:attribute
       audit-wazuh-x:execute
       audit-wazuh-c:command
+  - name: 'aws-source'
+    content: |
+      aws-source-w:write
+      aws-source-r:read
+      aws-source-a:attribute
+      aws-source-x:execute
+      aws-source-c:command
+  - name: 'aws-eventnames'
+    content: |
+      aws-eventnames-w:write
+      aws-eventnames-r:read
+      aws-eventnames-a:attribute
+      aws-eventnames-x:execute
+      aws-eventnames-c:command