diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..e947b7ee --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,23 @@ +# Change Log +All notable changes to this project will be documented in this file. + +## [v3.7.0] + +### Changed + +- Repository restructure. + +## [v3.6.0] + +Ansible starting point. + +Roles: + - Elastic Stack: + - ansible-elasticsearch: This role is prepared to install elasticsearch on the host that runs it. + - ansible-logstash: This role involves the installation of logstash on the host that runs it. + - ansible-kibana: Using this role we will install Kibana on the host that runs it. + - Wazuh: + - ansible-filebeat: This role is prepared to install filebeat on the host that runs it. + - ansible-wazuh-manager: With this role we will install Wazuh manager and Wazuh API on the host that runs it. + - ansible-wazuh-agent: Using this role we will install Wazuh agent on the host that runs it and is able to register it. + diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..b63808b6 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,475 @@ + + Portions Copyright (C) 2018 Wazuh, Inc. + Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc. + + This program is a free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License (version 2) as + published by the FSF - Free Software Foundation. + + In addition, certain source files in this program permit linking with the + OpenSSL library (http://www.openssl.org), which otherwise wouldn't be allowed + under the GPL. For purposes of identifying OpenSSL, most source files giving + this permission limit it to versions of OpenSSL having a license identical to + that listed in this file (see section "OpenSSL LICENSE" below). It is not + necessary for the copyright years to match between this file and the OpenSSL + version in question. However, note that because this file is an extension of + the license statements of these source files, this file may not be changed + except with permission from all copyright holders of source files in this + program which reference this file. + + Note that this license applies to the source code, as well as + decoders, rules and any other data file included with OSSEC (unless + otherwise specified). + + For the purpose of this license, we consider an application to constitute a + "derivative work" or a work based on this program if it does any of the + following (list not exclusive): + + * Integrates source code/data files from OSSEC. + * Includes OSSEC copyrighted material. + * Includes/integrates OSSEC into a proprietary executable installer. + * Links to a library or executes a program that does any of the above. + + This list is not exclusive, but just a clarification of our interpretation + of derived works. These restrictions only apply if you actually redistribute + OSSEC (or parts of it). + + We don't consider these to be added restrictions on top of the GPL, + but just a clarification of how we interpret "derived works" as it + applies to OSSEC. 
This is similar to the way Linus Torvalds has + announced his interpretation of how "derived works" applies to Linux kernel + modules. Our interpretation refers only to OSSEC - we don't speak + for any other GPL products. + + * As a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + + OSSEC HIDS is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. + See the GNU General Public License Version 2 below for more details. + +----------------------------------------------------------------------------- + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. 
This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. 
We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. 
+ +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. 
But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) 
+ +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. 
Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. 
Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. 
Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + +------------------------------------------------------------------------------- + +OpenSSL License +--------------- + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. 
+ + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the routines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. 
this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/README.md b/README.md index 7db82361..a9e0d8f5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Wazuh Ansible playbooks +# Wazuh-Ansible [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://goo.gl/forms/M2AoZC4b2R9A9Zy12) [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) 
@@ -9,19 +9,66 @@ These playbooks install and configure Wazuh agent, manager and Elastic Stack. ## Documentation -* [Full documentation](http://documentation.wazuh.com) * [Wazuh Ansible documentation](https://documentation.wazuh.com/current/deploying-with-ansible/index.html) +* [Full documentation](http://documentation.wazuh.com) -### Based on previous work from dj-wasabi +## Directory structure -https://github.com/dj-wasabi/ansible-ossec-server + ├── wazuh-ansible + │ ├── roles + │ │ ├── elastic-stack + │ │ │ ├── ansible-elasticsearch + │ │ │ ├── ansible-logstash + │ │ │ ├── ansible-kibana + │ │ + │ │ ├── wazuh + │ │ │ ├── ansible-filebeat + │ │ │ ├── ansible-wazuh-manager + │ │ │ ├── ansible-wazuh-agent + │ │ + │ │ ├── ansible-galaxy + │ │ │ ├── meta + │ + │ ├── playbooks + │ │ ├── wazuh-agent.yml + │ │ ├── wazuh-elastic.yml + │ │ ├── wazuh-elastic_stack-distributed.yml + │ │ ├── wazuh-elastic_stack-single.yml + │ │ ├── wazuh-kibana.yml + │ │ ├── wazuh-logstash.yml + │ │ ├── wazuh-manager.yml + │ + │ ├── README.md + │ ├── VERSION + │ ├── CHANGELOG.md + + +## Branches + +* `stable` branch on correspond to the last Wazuh-Ansible stable version. +* `master` branch contains the latest code, be aware of possible bugs on this branch. + +## Contribute + +If you want to contribute to our repository, please fork our Github repository and submit a pull request. + +If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. ### Modified by Wazuh The playbooks have been modified by Wazuh, including some specific requirements, templates and configuration to improve integration with Wazuh ecosystem. +## Credits and Thank you -## References +Based on previous work from dj-wasabi. + +https://github.com/dj-wasabi/ansible-ossec-server + +## License and copyright + +WAZUH +Copyright (C) 2016-2018 Wazuh Inc. 
(License GPLv2) + +## Web references * [Wazuh website](http://wazuh.com) -* [OSSEC project website](http://ossec.github.io) diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..29124005 --- /dev/null +++ b/VERSION @@ -0,0 +1,2 @@ +WAZUH-ANSIBLE_VERSION="v3.7.0" +REVISION="3700" diff --git a/wazuh-agent.yml b/playbooks/wazuh-agent.yml similarity index 65% rename from wazuh-agent.yml rename to playbooks/wazuh-agent.yml index 99f80e36..ff957834 100644 --- a/wazuh-agent.yml +++ b/playbooks/wazuh-agent.yml @@ -1,9 +1,9 @@ -- hosts: all:!wazuh-manager +- hosts: roles: - - ansible-wazuh-agent + - /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent vars: wazuh_managers: - - address: 127.0.0.1 + - address: port: 1514 protocol: udp api_port: 55000 diff --git a/playbooks/wazuh-elastic.yml b/playbooks/wazuh-elastic.yml new file mode 100644 index 00000000..b61a22e2 --- /dev/null +++ b/playbooks/wazuh-elastic.yml @@ -0,0 +1,3 @@ +- hosts: + roles: + - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'your elasticsearch IP' } diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml new file mode 100644 index 00000000..850b1e61 --- /dev/null +++ b/playbooks/wazuh-elastic_stack-distributed.yml 
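Review bot: `- hosts:` and `- address:` in the renamed playbooks/wazuh-agent.yml are left with null values, so the play fails before any task runs (Ansible rejects a play whose `hosts` is unset) and, were it reached, the agent would be configured with no manager address; an explicit placeholder in the style the sibling playbooks already use, e.g. `- hosts: your_agent_hosts` and `- address: 'your manager IP'`, makes the required edit visible. Dropping the old `all:!wazuh-manager` pattern also removes the only guard that kept the agent role off the manager host, so the placeholder or the README should say the pattern must exclude managers. The same empty `hosts:` appears in every new playbook in this commit (wazuh-elastic.yml, wazuh-elastic_stack-distributed.yml, wazuh-elastic_stack-single.yml, wazuh-kibana.yml, wazuh-logstash.yml, wazuh-manager.yml). The role is now referenced by the absolute path `/etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-agent`, which only works when the repository is checked out there; a relative path or a `roles_path` setting would keep the playbook portable.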
@@ -0,0 +1,9 @@
+- hosts:
+ roles:
+ - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your elastic stack server IP' }
+- hosts:
+ roles:
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost' }
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost' }
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' }
diff --git a/playbooks/wazuh-elastic_stack-single.yml b/playbooks/wazuh-elastic_stack-single.yml
new file mode 100644
index 00000000..b1808d13
--- /dev/null
+++ b/playbooks/wazuh-elastic_stack-single.yml
@@ -0,0 +1,6 @@
+- hosts:
+ roles:
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager }
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost' }
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: 'localhost' }
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost' }
diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml
new file mode 100644
index 00000000..02e14a47
--- /dev/null
+++ b/playbooks/wazuh-kibana.yml
@@ -0,0 +1,3 @@
+- hosts:
+ roles:
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'your elasticsearch IP' }
diff --git a/playbooks/wazuh-logstash.yml b/playbooks/wazuh-logstash.yml
new file mode 100644
index 00000000..93aa256c
--- /dev/null
+++ b/playbooks/wazuh-logstash.yml
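Review bot: The two plays in playbooks/wazuh-elastic_stack-distributed.yml are distinguished only by their role lists, and with both `hosts:` left empty a reader cannot tell which play targets the Wazuh manager and which the Elastic host; a `name:` on each play, e.g. `- name: Wazuh manager` and `- name: Elastic Stack`, together with placeholder host groups would make that explicit. Filebeat on the manager ships to `'your elastic stack server IP'` over the network while the Logstash beats input is enabled with `logstash_input_beats: true`, and nothing in this play sets transport security for that link; if the filebeat/logstash roles expose such settings this playbook is where they belong, and if they do not, the README should state that manager-to-Logstash traffic is sent unencrypted. wazuh-elastic_stack-single.yml and wazuh-kibana.yml in the same span share the empty `hosts:` pattern.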
@@ -0,0 +1,3 @@
+- hosts:
+ roles:
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: 'localhost' }
diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml
new file mode 100644
index 00000000..d224ee34
--- /dev/null
+++ b/playbooks/wazuh-manager.yml
@@ -0,0 +1,4 @@
+- hosts:
+ roles:
+ - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager
+ - { role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your logstash IP' }
diff --git a/meta/main.yml b/roles/ansible-galaxy/meta/main.yml
similarity index 100%
rename from meta/main.yml
rename to roles/ansible-galaxy/meta/main.yml
diff --git a/ansible-role-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
similarity index 100%
rename from ansible-role-elasticsearch/README.md
rename to roles/elastic-stack/ansible-elasticsearch/README.md
diff --git a/ansible-role-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
similarity index 100%
rename from ansible-role-elasticsearch/defaults/main.yml
rename to roles/elastic-stack/ansible-elasticsearch/defaults/main.yml
diff --git a/ansible-role-elasticsearch/handlers/main.yml b/roles/elastic-stack/ansible-elasticsearch/handlers/main.yml
similarity index 100%
rename from ansible-role-elasticsearch/handlers/main.yml
rename to roles/elastic-stack/ansible-elasticsearch/handlers/main.yml
diff --git a/ansible-role-elasticsearch/meta/main.yml b/roles/elastic-stack/ansible-elasticsearch/meta/main.yml
similarity index 100%
rename from ansible-role-elasticsearch/meta/main.yml
rename to roles/elastic-stack/ansible-elasticsearch/meta/main.yml
diff --git a/ansible-role-elasticsearch/tasks/Debian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
similarity index 87%
rename from ansible-role-elasticsearch/tasks/Debian.yml
rename to roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
index c830f25d..ae4e717f 100644
--- a/ansible-role-elasticsearch/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/Debian.yml
@@ -1,4 +1,3 @@
- ---
 - name: Debian/Ubuntu | Install apt-transport-https and ca-certificates
 apt:
@@ -9,14 +8,14 @@
 - apt-transport-https
 - ca-certificates
-- name: Debian/Ubuntu | Setting webupd8 repository
- apt_repository:
- repo: 'ppa:webupd8team/java'
- codename: 'xenial'
- update_cache: yes
-
 - when: elasticsearch_install_java
 block:
+ - name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+ update_cache: yes
+
 - name: Debian/Ubuntu | Accept Oracle Java 8 license
 debconf:
 name: oracle-java8-installer
diff --git a/ansible-role-elasticsearch/tasks/RMDebian.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml
similarity index 100%
rename from ansible-role-elasticsearch/tasks/RMDebian.yml
rename to roles/elastic-stack/ansible-elasticsearch/tasks/RMDebian.yml
diff --git a/ansible-role-elasticsearch/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-role-elasticsearch/tasks/RMRedHat.yml
rename to roles/elastic-stack/ansible-elasticsearch/tasks/RMRedHat.yml
diff --git a/ansible-role-elasticsearch/tasks/RedHat.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
similarity index 100%
rename from ansible-role-elasticsearch/tasks/RedHat.yml
rename to roles/elastic-stack/ansible-elasticsearch/tasks/RedHat.yml
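Review bot: `codename: 'xenial'` stays hard-coded inside the new `when: elasticsearch_install_java` block, so any Debian or non-xenial Ubuntu host that enables Java installation gets the xenial build of a third-party Launchpad PPA added to its apt sources; the identical task sits in roles/elastic-stack/ansible-logstash/tasks/Debian.yml, roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml and roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml in this same commit. Since the tasks are being restructured anyway, this is the moment to either make the codename a role default or document why it is pinned, e.g. `codename: 'xenial'  # webupd8 PPA is pinned to xenial; the ppa: shorthand resolves against Launchpad only`. Adding a repository that delivers an Oracle JDK installer is a supply-chain trust decision for the host, and a sentence about it belongs in each role's README next to the `*_install_java` toggle.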
diff --git a/ansible-role-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
similarity index 100%
rename from ansible-role-elasticsearch/tasks/main.yml
rename to roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
diff --git a/ansible-role-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
similarity index 100%
rename from ansible-role-elasticsearch/templates/elasticsearch.yml.j2
rename to roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2
diff --git a/ansible-role-elasticsearch/templates/elasticsearch_nonsystemd.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2
similarity index 100%
rename from ansible-role-elasticsearch/templates/elasticsearch_nonsystemd.j2
rename to roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_nonsystemd.j2
diff --git a/ansible-role-elasticsearch/templates/elasticsearch_systemd.conf.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2
similarity index 100%
rename from ansible-role-elasticsearch/templates/elasticsearch_systemd.conf.j2
rename to roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch_systemd.conf.j2
diff --git a/ansible-role-elasticsearch/templates/jvm.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2
similarity index 100%
rename from ansible-role-elasticsearch/templates/jvm.options.j2
rename to roles/elastic-stack/ansible-elasticsearch/templates/jvm.options.j2
diff --git a/ansible-role-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
similarity index 100%
rename from ansible-role-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
rename to roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2
diff --git a/ansible-role-kibana/README.md b/roles/elastic-stack/ansible-kibana/README.md
similarity index 100%
rename from ansible-role-kibana/README.md
rename to roles/elastic-stack/ansible-kibana/README.md
diff --git a/ansible-role-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml
similarity index 100%
rename from ansible-role-kibana/defaults/main.yml
rename to roles/elastic-stack/ansible-kibana/defaults/main.yml
diff --git a/ansible-role-kibana/handlers/main.yml b/roles/elastic-stack/ansible-kibana/handlers/main.yml
similarity index 100%
rename from ansible-role-kibana/handlers/main.yml
rename to roles/elastic-stack/ansible-kibana/handlers/main.yml
diff --git a/ansible-role-kibana/meta/main.yml b/roles/elastic-stack/ansible-kibana/meta/main.yml
similarity index 100%
rename from ansible-role-kibana/meta/main.yml
rename to roles/elastic-stack/ansible-kibana/meta/main.yml
diff --git a/ansible-role-kibana/tasks/Debian.yml b/roles/elastic-stack/ansible-kibana/tasks/Debian.yml
similarity index 100%
rename from ansible-role-kibana/tasks/Debian.yml
rename to roles/elastic-stack/ansible-kibana/tasks/Debian.yml
diff --git a/ansible-role-kibana/tasks/RMDebian.yml b/roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml
similarity index 100%
rename from ansible-role-kibana/tasks/RMDebian.yml
rename to roles/elastic-stack/ansible-kibana/tasks/RMDebian.yml
diff --git a/ansible-role-kibana/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-role-kibana/tasks/RMRedHat.yml
rename to roles/elastic-stack/ansible-kibana/tasks/RMRedHat.yml
diff --git a/ansible-role-kibana/tasks/RedHat.yml b/roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
similarity index 100%
rename from ansible-role-kibana/tasks/RedHat.yml
rename to roles/elastic-stack/ansible-kibana/tasks/RedHat.yml
diff --git a/ansible-role-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
similarity index 100%
rename from ansible-role-kibana/tasks/main.yml
rename to roles/elastic-stack/ansible-kibana/tasks/main.yml
diff --git a/ansible-role-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2
similarity index 100%
rename from ansible-role-kibana/templates/kibana.yml.j2
rename to roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2
diff --git a/ansible-role-logstash/README.md b/roles/elastic-stack/ansible-logstash/README.md
similarity index 100%
rename from ansible-role-logstash/README.md
rename to roles/elastic-stack/ansible-logstash/README.md
diff --git a/ansible-role-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml
similarity index 100%
rename from ansible-role-logstash/defaults/main.yml
rename to roles/elastic-stack/ansible-logstash/defaults/main.yml
diff --git a/ansible-role-logstash/handlers/main.yml b/roles/elastic-stack/ansible-logstash/handlers/main.yml
similarity index 100%
rename from ansible-role-logstash/handlers/main.yml
rename to roles/elastic-stack/ansible-logstash/handlers/main.yml
diff --git a/ansible-role-logstash/meta/main.yml b/roles/elastic-stack/ansible-logstash/meta/main.yml
similarity index 100%
rename from ansible-role-logstash/meta/main.yml
rename to roles/elastic-stack/ansible-logstash/meta/main.yml
diff --git a/ansible-role-logstash/tasks/Debian.yml b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml
similarity index 91%
rename from ansible-role-logstash/tasks/Debian.yml
rename to roles/elastic-stack/ansible-logstash/tasks/Debian.yml
index a5ffb14e..628fd8e4 100644
--- a/ansible-role-logstash/tasks/Debian.yml
+++ b/roles/elastic-stack/ansible-logstash/tasks/Debian.yml
@@ -8,13 +8,13 @@
 - apt-transport-https
 - ca-certificates
-- name: Debian/Ubuntu | Setting webupd8 repository
- apt_repository:
- repo: 'ppa:webupd8team/java'
- codename: 'xenial'
-
 - when: logstash_install_java
 block:
+ - name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+
 - name: Debian/Ubuntu | Accept Oracle Java 8 license
 debconf:
 name: oracle-java8-installer
diff --git a/ansible-role-logstash/tasks/RMDebian.yml b/roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml
similarity index 100%
rename from ansible-role-logstash/tasks/RMDebian.yml
rename to roles/elastic-stack/ansible-logstash/tasks/RMDebian.yml
diff --git a/ansible-role-logstash/tasks/RMRedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-role-logstash/tasks/RMRedHat.yml
rename to roles/elastic-stack/ansible-logstash/tasks/RMRedHat.yml
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/roles/elastic-stack/ansible-logstash/tasks/RedHat.yml
similarity index 100%
rename from ansible-role-logstash/tasks/RedHat.yml
rename to roles/elastic-stack/ansible-logstash/tasks/RedHat.yml
diff --git a/ansible-role-logstash/tasks/config.yml b/roles/elastic-stack/ansible-logstash/tasks/config.yml
similarity index 100%
rename from ansible-role-logstash/tasks/config.yml
rename to roles/elastic-stack/ansible-logstash/tasks/config.yml
diff --git a/ansible-role-logstash/tasks/main.yml b/roles/elastic-stack/ansible-logstash/tasks/main.yml
similarity index 100%
rename from ansible-role-logstash/tasks/main.yml
rename to roles/elastic-stack/ansible-logstash/tasks/main.yml
diff --git a/ansible-role-logstash/templates/01-wazuh.conf.j2 b/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2
similarity index 100%
rename from ansible-role-logstash/templates/01-wazuh.conf.j2
rename to roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2
diff --git a/ansible-role-filebeat/README.md b/roles/wazuh/ansible-filebeat/README.md
similarity index 100%
rename from ansible-role-filebeat/README.md
rename to roles/wazuh/ansible-filebeat/README.md
diff --git a/ansible-role-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml
similarity index 100%
rename from ansible-role-filebeat/defaults/main.yml
rename to roles/wazuh/ansible-filebeat/defaults/main.yml
diff --git a/ansible-role-filebeat/handlers/main.yml b/roles/wazuh/ansible-filebeat/handlers/main.yml
similarity index 100%
rename from ansible-role-filebeat/handlers/main.yml
rename to roles/wazuh/ansible-filebeat/handlers/main.yml
diff --git a/ansible-role-filebeat/meta/main.yml b/roles/wazuh/ansible-filebeat/meta/main.yml
similarity index 100%
rename from ansible-role-filebeat/meta/main.yml
rename to roles/wazuh/ansible-filebeat/meta/main.yml
diff --git a/ansible-role-filebeat/tasks/Debian.yml b/roles/wazuh/ansible-filebeat/tasks/Debian.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/Debian.yml
rename to roles/wazuh/ansible-filebeat/tasks/Debian.yml
diff --git a/ansible-role-filebeat/tasks/RMDebian.yml b/roles/wazuh/ansible-filebeat/tasks/RMDebian.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/RMDebian.yml
rename to roles/wazuh/ansible-filebeat/tasks/RMDebian.yml
diff --git a/ansible-role-filebeat/tasks/RMRedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/RMRedHat.yml
rename to roles/wazuh/ansible-filebeat/tasks/RMRedHat.yml
diff --git a/ansible-role-filebeat/tasks/RedHat.yml b/roles/wazuh/ansible-filebeat/tasks/RedHat.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/RedHat.yml
rename to roles/wazuh/ansible-filebeat/tasks/RedHat.yml
diff --git a/ansible-role-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/config.yml
rename to roles/wazuh/ansible-filebeat/tasks/config.yml
diff --git a/ansible-role-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
similarity index 100%
rename from ansible-role-filebeat/tasks/main.yml
rename to roles/wazuh/ansible-filebeat/tasks/main.yml
diff --git a/ansible-role-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
similarity index 100%
rename from ansible-role-filebeat/templates/filebeat.yml.j2
rename to roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2
diff --git a/ansible-role-filebeat/tests/requirements.yml b/roles/wazuh/ansible-filebeat/tests/requirements.yml
similarity index 100%
rename from ansible-role-filebeat/tests/requirements.yml
rename to roles/wazuh/ansible-filebeat/tests/requirements.yml
diff --git a/ansible-role-filebeat/tests/test.yml b/roles/wazuh/ansible-filebeat/tests/test.yml
similarity index 100%
rename from ansible-role-filebeat/tests/test.yml
rename to roles/wazuh/ansible-filebeat/tests/test.yml
diff --git a/ansible-wazuh-agent/README.md b/roles/wazuh/ansible-wazuh-agent/README.md
similarity index 100%
rename from ansible-wazuh-agent/README.md
rename to roles/wazuh/ansible-wazuh-agent/README.md
diff --git a/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
similarity index 98%
rename from ansible-wazuh-agent/defaults/main.yml
rename to roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index fefa2b06..db29e6ab 100644
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -24,6 +24,7 @@ wazuh_winagent_config:
 repo: https://packages.wazuh.com/3.x/windows/
 md5: 935d1993029021f3951b9511e2171207
 wazuh_agent_config:
+ active_response_disabled: 'no'
 log_format: 'plain'
 syscheck:
 frequency: 43200
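Review bot: the new `active_response_disabled: 'no'` default carries no comment saying what it controls or which values are accepted, while the agent template changed in this same commit interpolates it verbatim into ossec.conf (`{{ wazuh_agent_config.active_response_disabled|default('no') }}`), so anything other than the quoted strings `'yes'`/`'no'` lands in the agent configuration unchecked. By its name it presumably feeds the active-response `disabled` toggle; a one-line comment such as `active_response_disabled: 'no'  # 'yes' switches active response off on the agent; rendered verbatim into ossec.conf` would make the contract explicit. The `|default('no')` in the template is redundant now that the key has a default here, harmless but worth knowing when the two drift.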
diff --git a/ansible-wazuh-agent/handlers/main.yml b/roles/wazuh/ansible-wazuh-agent/handlers/main.yml
similarity index 100%
rename from ansible-wazuh-agent/handlers/main.yml
rename to roles/wazuh/ansible-wazuh-agent/handlers/main.yml
diff --git a/ansible-wazuh-agent/meta/main.yml b/roles/wazuh/ansible-wazuh-agent/meta/main.yml
similarity index 100%
rename from ansible-wazuh-agent/meta/main.yml
rename to roles/wazuh/ansible-wazuh-agent/meta/main.yml
diff --git a/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
similarity index 63%
rename from ansible-wazuh-agent/tasks/Debian.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
index 9f265eb1..d8affe84 100644
--- a/ansible-wazuh-agent/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml
@@ -22,37 +22,28 @@
 cis_distribution_filename: cis_debian_linux_rcl.txt
 when: ansible_os_family == "Debian"
-- name: Debian/Ubuntu | Setting webupd8 repository
- apt_repository:
- repo: 'ppa:webupd8team/java'
- codename: 'xenial'
- update_cache: yes
- when:
- - wazuh_agent_config.cis_cat.disable == 'no'
- - wazuh_agent_config.cis_cat.install_java == 'yes'
- tags:
- - init
+- when:
+ - wazuh_agent_config.cis_cat.disable == 'no'
+ - wazuh_agent_config.cis_cat.install_java == 'yes'
+ block:
+ - name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+ update_cache: yes
-- name: Debian/Ubuntu | Accept Oracle Java 8 license
- debconf:
- name: oracle-java8-installer
- question: shared/accepted-oracle-license-v1-1
- value: true
- vtype: boolean
- when:
- - wazuh_agent_config.cis_cat.disable == 'no'
- - wazuh_agent_config.cis_cat.install_java == 'yes'
- tags:
- - init
+ - name: Debian/Ubuntu | Accept Oracle Java 8 license
+ debconf:
+ name: oracle-java8-installer
+ question: shared/accepted-oracle-license-v1-1
+ value: true
+ vtype: boolean
-- name: Debian/Ubuntu | Oracle Java 8 installer
- apt:
- name: oracle-java8-installer
- state: present
- cache_valid_time: 3600
- when:
- - wazuh_agent_config.cis_cat.disable == 'no'
- - wazuh_agent_config.cis_cat.install_java == 'yes'
+ - name: Debian/Ubuntu | Oracle Java 8 installer
+ apt:
+ name: oracle-java8-installer
+ state: present
+ cache_valid_time: 3600
 tags:
 - init
diff --git a/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/Linux.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
diff --git a/ansible-wazuh-agent/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/RMDebian.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/RMDebian.yml
diff --git a/ansible-wazuh-agent/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/RMRedHat.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/RMRedHat.yml
diff --git a/ansible-wazuh-agent/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/RedHat.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/RedHat.yml
diff --git a/ansible-wazuh-agent/tasks/Windows.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/Windows.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/Windows.yml
diff --git a/ansible-wazuh-agent/tasks/main.yml b/roles/wazuh/ansible-wazuh-agent/tasks/main.yml
similarity index 100%
rename from ansible-wazuh-agent/tasks/main.yml
rename to roles/wazuh/ansible-wazuh-agent/tasks/main.yml
diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
similarity index 99%
rename from ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
rename to roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 6b05b7ba..982c1579 100644
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -36,7 +36,7 @@
- no
+ {{ wazuh_agent_config.active_response_disabled|default('no') }}
 {% if wazuh_agent_config.rootcheck is defined %}
diff --git a/ansible-wazuh-agent/vars/api_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml
similarity index 100%
rename from ansible-wazuh-agent/vars/api_pass.yml
rename to roles/wazuh/ansible-wazuh-agent/vars/api_pass.yml
diff --git a/ansible-wazuh-agent/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
similarity index 100%
rename from ansible-wazuh-agent/vars/authd_pass.yml
rename to roles/wazuh/ansible-wazuh-agent/vars/authd_pass.yml
diff --git a/ansible-wazuh-manager/.gitignore b/roles/wazuh/ansible-wazuh-manager/.gitignore
similarity index 100%
rename from ansible-wazuh-manager/.gitignore
rename to roles/wazuh/ansible-wazuh-manager/.gitignore
diff --git a/ansible-wazuh-manager/CHANGELOG.md b/roles/wazuh/ansible-wazuh-manager/CHANGELOG.md
similarity index 100%
rename from ansible-wazuh-manager/CHANGELOG.md
rename to roles/wazuh/ansible-wazuh-manager/CHANGELOG.md
diff --git a/ansible-wazuh-manager/README.md b/roles/wazuh/ansible-wazuh-manager/README.md
similarity index 100%
rename from ansible-wazuh-manager/README.md
rename to roles/wazuh/ansible-wazuh-manager/README.md
diff --git a/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml
new file mode 100644
index 00000000..bf5947c7
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/sample_custom_decoders.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+ sample_custom_decoder
+
diff --git a/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml
new file mode 100644
index 00000000..e5fb3563
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/sample_custom_rules.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+ 5716
+ 1.1.1.1
+ sshd: authentication failed from IP 1.1.1.1.
+ authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,
+
+
+
diff --git a/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
similarity index 89%
rename from ansible-wazuh-manager/defaults/main.yml
rename to roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 67c83c0a..18f02855 100644
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -6,6 +6,22 @@ wazuh_manager_config:
 alerts_log: 'yes'
 logall: 'no'
 log_format: 'plain'
+ api:
+ bind_addr: '0.0.0.0'
+ port: 55000
+ https: 'no'
+ basic_auth: 'yes'
+ behind_proxy_server: 'no'
+ https_cert: '/var/ossec/etc/sslmanager.cert'
+ https_key: '/var/ossec/etc/sslmanager.key'
+ https_use_ca: 'no'
+ https_ca: ''
+ use_only_authd: 'false'
+ drop_privileges: 'true'
+ experimental_features: 'false'
+ secure_protocol: 'TLSv1_2_method'
+ honor_cipher_order: 'true'
+ ciphers: ''
 cluster:
 disable: 'yes'
 name: 'wazuh'
@@ -167,6 +183,9 @@ wazuh_manager_config:
 executable: 'route-null.cmd'
 expect: 'srcip'
 timeout_allowed: 'yes'
+ ruleset:
+ rules_path: '/etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/custom_ruleset/rules/'
+ decoders_path: '/etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager/custom_ruleset/decoders/'
 rule_exclude:
 - '0215-policy_rules.xml'
 active_responses:
diff --git a/ansible-wazuh-manager/handlers/main.yml b/roles/wazuh/ansible-wazuh-manager/handlers/main.yml
similarity index 100%
rename from ansible-wazuh-manager/handlers/main.yml
rename to roles/wazuh/ansible-wazuh-manager/handlers/main.yml
diff --git a/ansible-wazuh-manager/meta/main.yml b/roles/wazuh/ansible-wazuh-manager/meta/main.yml
similarity index 100%
rename from ansible-wazuh-manager/meta/main.yml
rename to roles/wazuh/ansible-wazuh-manager/meta/main.yml
diff --git a/ansible-wazuh-manager/playbook.yml b/roles/wazuh/ansible-wazuh-manager/playbook.yml
similarity index 100%
rename from ansible-wazuh-manager/playbook.yml
rename to roles/wazuh/ansible-wazuh-manager/playbook.yml
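Review bot: the new `api:` defaults combine `bind_addr: '0.0.0.0'`, `https: 'no'` and `basic_auth: 'yes'`, so out of the box the manager API listens on every interface and its basic-auth credentials travel in clear text; since `https_cert`/`https_key` already point at the manager's sslmanager files, `https: 'yes'` (or at least `bind_addr: '127.0.0.1'`) would be the safer default, and if plain HTTP is deliberate the choice deserves a comment on those two lines. The boolean-looking keys `use_only_authd`, `drop_privileges` and `experimental_features` are emitted unquoted by the config.js template in this commit, so they must stay quoted strings here: a user who writes YAML `false` presumably gets Jinja's `False` in the generated JavaScript, which is not a valid literal. Suggest `use_only_authd: 'false'  # keep as quoted 'true'/'false': rendered as a bare JS literal in config.js` on the first of them. The `ruleset` paths in the second hunk hard-code where the role is checked out on the control node; `'{{ role_path }}/custom_ruleset/rules/'` would work from any checkout location.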
diff --git a/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
similarity index 67%
rename from ansible-wazuh-manager/tasks/Debian.yml
rename to roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
index 56090f87..f2885345 100644
--- a/ansible-wazuh-manager/tasks/Debian.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml
@@ -30,37 +30,28 @@
 set_fact:
 cis_distribution_filename: cis_debian_linux_rcl.txt
-- name: Debian/Ubuntu | Setting webupd8 repository
- apt_repository:
- repo: 'ppa:webupd8team/java'
- codename: 'xenial'
- update_cache: yes
- when:
- - wazuh_manager_config.cis_cat.disable == 'no'
- - wazuh_manager_config.cis_cat.install_java == 'yes'
- tags:
- - init
+- when:
+ - wazuh_manager_config.cis_cat.disable == 'no'
+ - wazuh_manager_config.cis_cat.install_java == 'yes'
+ block:
+ - name: Debian/Ubuntu | Setting webupd8 repository
+ apt_repository:
+ repo: 'ppa:webupd8team/java'
+ codename: 'xenial'
+ update_cache: yes
-- name: Debian/Ubuntu | Accept Oracle Java 8 license
- debconf:
- name: oracle-java8-installer
- question: shared/accepted-oracle-license-v1-1
- value: true
- vtype: boolean
- when:
- - wazuh_manager_config.cis_cat.disable == 'no'
- - wazuh_manager_config.cis_cat.install_java == 'yes'
- tags:
- - init
+ - name: Debian/Ubuntu | Accept Oracle Java 8 license
+ debconf:
+ name: oracle-java8-installer
+ question: shared/accepted-oracle-license-v1-1
+ value: true
+ vtype: boolean
-- name: Debian/Ubuntu | Oracle Java 8 installer
- apt:
- name: oracle-java8-installer
- state: present
- cache_valid_time: 3600
- when:
- - wazuh_manager_config.cis_cat.disable == 'no'
- - wazuh_manager_config.cis_cat.install_java == 'yes'
+ - name: Debian/Ubuntu | Oracle Java 8 installer
+ apt:
+ name: oracle-java8-installer
+ state: present
+ cache_valid_time: 3600
 tags:
 - init
diff --git a/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml
similarity index 100%
rename from ansible-wazuh-manager/tasks/RMDebian.yml
rename to roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml
diff --git a/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml
similarity index 100%
rename from ansible-wazuh-manager/tasks/RMRedHat.yml
rename to roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml
diff --git a/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
similarity index 100%
rename from ansible-wazuh-manager/tasks/RedHat.yml
rename to roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml
diff --git a/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
similarity index 90%
rename from ansible-wazuh-manager/tasks/main.yml
rename to roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index bd9999fd..4c768216 100644
--- a/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -96,6 +96,18 @@
 - config
 - rules
+- name: Adding local rules files
+ copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"
+ dest=/var/ossec/etc/rules/
+ owner=root
+ group=ossec
+ mode=0640
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+ - rules
+
 - name: Installing the local_decoder.xml
 template: src=var-ossec-rules-local_decoder.xml.j2
 dest=/var/ossec/etc/decoders/local_decoder.xml
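Review bot: `copy: src="{{ wazuh_manager_config.ruleset.rules_path }}"` is resolved on the control node, and the default it picks up is the absolute `/etc/ansible/roles/wazuh-ansible/...` path, so the task fails whenever the role is checked out anywhere else; a role-relative source such as `{{ role_path }}/custom_ruleset/rules/` would not depend on the checkout location. The task also copies everything in that directory into the live rules directory on every run, which with the defaults includes the sample_custom_rules.xml added by this commit; if that is intended it should say so in the task name or a comment. On style, this task keeps the free-form `key=value` module syntax while the rewritten shared-agent.conf task in the next hunk uses the YAML dict form with `validate:`; one form for the whole file would read better.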
@@ -108,16 +120,41 @@
 - config
 - rules
-- name: Configure the shared-agent.conf
- template: src=var-ossec-etc-shared-agent.conf.j2
- dest=/var/ossec/etc/shared/default/agent.conf
- owner=ossec
- group=ossec
- mode=0640
+- name: Adding local decoders files
+ copy: src="{{ wazuh_manager_config.ruleset.decoders_path }}"
+ dest=/var/ossec/etc/decoders/
+ owner=root
+ group=ossec
+ mode=0640
 notify: restart wazuh-manager
 tags:
 - init
 - config
+ - rules
+
+- name: Configure the shared-agent.conf
+ template:
+ src: var-ossec-etc-shared-agent.conf.j2
+ dest: /var/ossec/etc/shared/default/agent.conf
+ owner: ossec
+ group: ossec
+ mode: 0640
+ validate: '/var/ossec/bin/verify-agent-conf -f %s'
+ notify: restart wazuh-manager
+ tags:
+ - init
+ - config
+
+- name: Installing the config.js (api configuration)
+ template: src=var-ossec-api-configuration-config.js.j2
+ dest=/var/ossec/api/configuration/config.js
+ owner=root
+ group=ossec
+ mode=0740
+ notify: restart wazuh-api
+ tags:
+ - init
+ - config
 - name: Retrieving Agentless Credentials
 include_vars: agentless_creeds.yml
diff --git a/ansible-wazuh-manager/templates/agentless.j2 b/roles/wazuh/ansible-wazuh-manager/templates/agentless.j2
similarity index 100%
rename from ansible-wazuh-manager/templates/agentless.j2
rename to roles/wazuh/ansible-wazuh-manager/templates/agentless.j2
diff --git a/ansible-wazuh-manager/templates/api_user.j2 b/roles/wazuh/ansible-wazuh-manager/templates/api_user.j2
similarity index 100%
rename from ansible-wazuh-manager/templates/api_user.j2
rename to roles/wazuh/ansible-wazuh-manager/templates/api_user.j2
diff --git a/ansible-wazuh-manager/templates/authd_pass.j2 b/roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
similarity index 100%
rename from ansible-wazuh-manager/templates/authd_pass.j2
rename to roles/wazuh/ansible-wazuh-manager/templates/authd_pass.j2
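Review bot: the new config.js task installs the API configuration with `mode=0740`, an owner-execute bit a configuration file does not need — as far as the template shows it is data read by the API process — so `mode=0640` would match the other ossec-group-readable configuration files written in this file. The task notifies `restart wazuh-api`, but handlers/main.yml is renamed unchanged in this commit (similarity index 100%), so that handler must already exist or the play errors on an undefined handler; worth confirming before merge. The decoders `copy:` task at the top of this hunk has the same control-node absolute-path dependency as the rules task in the previous hunk, and `{{ role_path }}/custom_ruleset/decoders/` would fix both. The added `validate:` on the shared agent.conf task is a good catch-before-restart and deserves keeping.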
diff --git a/ansible-wazuh-manager/templates/cdb_lists.j2 b/roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2
similarity index 100%
rename from ansible-wazuh-manager/templates/cdb_lists.j2
rename to roles/wazuh/ansible-wazuh-manager/templates/cdb_lists.j2
diff --git a/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2
new file mode 100644
index 00000000..bc909dc7
--- /dev/null
+++ b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-api-configuration-config.js.j2
@@ -0,0 +1,95 @@ + +var config = {}; + +// Basic configuration + +// Path +config.ossec_path = "/var/ossec"; +// The host to bind the API to. +config.host = "{{ wazuh_manager_config.api.bind_addr }}"; +// TCP Port used by the API. +config.port = "{{ wazuh_manager_config.api.port }}"; +// Use HTTP protocol over TLS/SSL. Values: yes, no. +config.https = "{{ wazuh_manager_config.api.https }}"; +// Use HTTP authentication. Values: yes, no. +config.basic_auth = "{{ wazuh_manager_config.api.basic_auth }}"; +//In case the API run behind a proxy server, turn to "yes" this feature. Values: yes, no. +config.BehindProxyServer = "{{ wazuh_manager_config.api.behind_proxy_server }}"; + +// HTTPS Certificates +config.https_key = "{{ wazuh_manager_config.api.https_key }}" +config.https_cert = "{{ wazuh_manager_config.api.https_cert }}" +config.https_use_ca = "{{ wazuh_manager_config.api.https_use_ca }}" +config.https_ca = "{{ wazuh_manager_config.api.https_ca }}" + +// Advanced configuration + +// Values for API log: disabled, info, warning, error, debug (each level includes the previous level). +config.logs = "info"; +// Cross-origin resource sharing. Values: yes, no. 
+config.cors = "yes"; +// Cache (time in milliseconds) +config.cache_enabled = "yes"; +config.cache_debug = "no"; +config.cache_time = "750"; +// Log path +config.log_path = config.ossec_path + "/logs/api.log"; +// Python +config.python = [ + // Default installation + { + bin: "python", + lib: "" + }, + // Python 3 + { + bin: "python3", + lib: "" + }, + // Package 'python27' for CentOS 6 + { + bin: "/opt/rh/python27/root/usr/bin/python", + lib: "/opt/rh/python27/root/usr/lib64" + } +]; +// Shared library path +config.ld_library_path = config.ossec_path + "/framework/lib" + +// Option to force the use of authd to remove and add agents +config.use_only_authd = {{ wazuh_manager_config.api.use_only_authd }}; + +// Option to drop privileges (run as ossec) +config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges }}; + +// Activate features still under development +config.experimental_features = {{ wazuh_manager_config.api.experimental_features }}; + +/************************* SSL OPTIONS ****************************************/ +// SSL protocol + +// SSL protocol to use. All available secure protocols available at: +// https://www.openssl.org/docs/man1.0.2/ssl/ssl.html#DEALING-WITH-PROTOCOL-METHODS +config.secureProtocol = "{{ wazuh_manager_config.api.secure_protocol }}"; +try { + // Disable the use of SSLv3, TLSv1.1 and TLSv1.0. All available secureOptions at: + // https://nodejs.org/api/crypto.html#crypto_openssl_options + const crypto = require('crypto'); + config.secureOptions = crypto.constants.SSL_OP_NO_SSLv3 | + crypto.constants.SSL_OP_NO_TLSv1 | + crypto.constants.SSL_OP_NO_TLSv1_1; +} catch (err) { + console.log("Could not configure NodeJS to avoid unsecure SSL/TLS protocols: " + err) +} + +// SSL ciphersuit + +// When choosing a cipher, use the server's preferences instead of the client +// preferences. When not set, the SSL server will always follow the clients +// preferences. 
More info at: +// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html +config.honorCipherOrder = {{ wazuh_manager_config.api.honor_cipher_order }}; +// Modify default ciphersuit. More info: +// https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite +config.ciphers = "{{ wazuh_manager_config.api.ciphers }}"; + +module.exports = config; diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 similarity index 100% rename from ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 similarity index 100% rename from ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 diff --git a/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 similarity index 100% rename from ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_decoder.xml.j2 diff --git a/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 similarity index 100% rename from ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 rename to roles/wazuh/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 
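Review bot: `config.use_only_authd`, `config.drop_privileges`, `config.experimental_features` and `config.honorCipherOrder` are rendered unquoted, so if the role's defaults declare them as YAML booleans (`yes`/`true`) Jinja emits Python's `True`/`False`, which is not a JavaScript literal and would make the `require()` of this file throw when the API starts; rendering them as `config.drop_privileges = {{ wazuh_manager_config.api.drop_privileges | to_json }};` (and likewise for the other three) yields `true`/`false` whichever way the variable was written. The defaults file is not in this diff, so this is inferred from the template alone. Unlike the neighbouring settings, `config.cors = "yes"` is hard-coded rather than templated, which turns on cross-origin access to an API whose only authentication visible here is `basic_auth`; exposing it as `config.cors = "{{ wazuh_manager_config.api.cors }}";` with a default of `"no"` would make deployments opt in deliberately. Note also that if the `try` block around `secureOptions` fails, the API keeps starting with SSLv3/TLSv1.0/1.1 still allowed and only prints a message — upstream behaviour, but worth knowing when shipping this template as-is.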
diff --git a/ansible-wazuh-manager/vars/agentless_creeds.yml b/roles/wazuh/ansible-wazuh-manager/vars/agentless_creeds.yml
similarity index 100%
rename from ansible-wazuh-manager/vars/agentless_creeds.yml
rename to roles/wazuh/ansible-wazuh-manager/vars/agentless_creeds.yml
diff --git a/ansible-wazuh-manager/vars/authd_pass.yml b/roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml
similarity index 100%
rename from ansible-wazuh-manager/vars/authd_pass.yml
rename to roles/wazuh/ansible-wazuh-manager/vars/authd_pass.yml
diff --git a/ansible-wazuh-manager/vars/cdb_lists.yml b/roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
similarity index 100%
rename from ansible-wazuh-manager/vars/cdb_lists.yml
rename to roles/wazuh/ansible-wazuh-manager/vars/cdb_lists.yml
diff --git a/ansible-wazuh-manager/vars/wazuh_api_creds.yml b/roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml
similarity index 100%
rename from ansible-wazuh-manager/vars/wazuh_api_creds.yml
rename to roles/wazuh/ansible-wazuh-manager/vars/wazuh_api_creds.yml
diff --git a/wazuh-elastic.yml b/wazuh-elastic.yml
deleted file mode 100644
index b2a06b3b..00000000
--- a/wazuh-elastic.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: elasticsearch
- roles:
- - { role: ansible-role-elasticsearch, elasticsearch_network_host: '192.168.33.182' }
diff --git a/wazuh-elastic_stack-distributed.yml b/wazuh-elastic_stack-distributed.yml
deleted file mode 100644
index 72c49afd..00000000
--- a/wazuh-elastic_stack-distributed.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- hosts: wazuh-manager
- roles:
- - role: ansible-wazuh-manager
- - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.212.185:5000' }
-- hosts: elastic_stack
- roles:
- - { role: ansible-role-elasticsearch, elasticsearch_network_host: 'localhost' }
- - { role: ansible-role-logstash, logstash_input_beats: true, elasticsearch_network_host: 'localhost' }
- - { role: ansible-role-kibana, elasticsearch_network_host: 'localhost' }
diff --git a/wazuh-elastic_stack-single.yml b/wazuh-elastic_stack-single.yml
deleted file mode 100644
index fb31f941..00000000
--- a/wazuh-elastic_stack-single.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-- hosts: wazuh-ELK-single
- roles:
- - { role: ansible-wazuh-manager }
- - { role: ansible-role-elasticsearch, elasticsearch_network_host: 'localhost' }
- - { role: ansible-role-logstash, elasticsearch_network_host: 'localhost' }
- - { role: ansible-role-kibana, elasticsearch_network_host: 'localhost' }
diff --git a/wazuh-kibana.yml b/wazuh-kibana.yml
deleted file mode 100644
index 8716efb6..00000000
--- a/wazuh-kibana.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: kibana
- roles:
- - { role: ansible-role-kibana, elasticsearch_network_host: '192.168.33.182' }
diff --git a/wazuh-logstash.yml b/wazuh-logstash.yml
deleted file mode 100644
index 23f13c7f..00000000
--- a/wazuh-logstash.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: logstash
- roles:
- - { role: ansible-role-logstash, elasticsearch_network_host: 'localhost' }
diff --git a/wazuh-manager.yml b/wazuh-manager.yml
deleted file mode 100644
index 831e8294..00000000
--- a/wazuh-manager.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- hosts: wazuh-manager
- roles:
- - role: ansible-wazuh-manager
- - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.33.169:5000' }