diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index aef459e2..d74a391b 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -123,7 +123,7 @@ - name: Wait for Elasticsearch API uri: url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" # Default Elasticsearch user is always "elastic" password: "{{ elasticsearch_xpack_security_password }}" validate_certs: no status_code: 200,401 @@ -141,7 +141,7 @@ url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" method: POST body_format: json - user: "{{ elasticsearch_xpack_security_user }}" + user: "elastic" password: "{{ elasticsearch_xpack_security_password }}" body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' validate_certs: no diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index aba4060c..efde790c 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -98,14 +98,13 @@ tags: install - name: Install Wazuh-APP (can take a while) - shell: | - /usr/share/kibana/bin/kibana-plugin --allow-root install \ - https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip + shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip" environment: NODE_OPTIONS: "--max-old-space-size=3072" args: executable: /bin/bash - creates: /usr/share/kibana/plugins/wazuh/package.json + become: yes + become_user: kibana notify: restart kibana tags: - install 
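Review bot: Both `uri` tasks touched in this file now authenticate as the built-in `elastic` superuser while keeping `validate_certs: no`, so that account's password goes to an endpoint whose certificate is never checked. The URL uses `node_certs_generator_ip`, which suggests the role already has its own CA. If so, these tasks could set `validate_certs: yes` and, on Ansible versions whose `uri` module supports it, `ca_path: CA_CERT_PATH` (placeholder for the role's CA file). The literal `"elastic"` is also repeated in the hunk at -141 without the explanatory comment; a single role variable or the same comment on both lines would keep them in step. This task continues outside the hunk.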
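Review bot: The `body:` line of this user-creation task builds JSON by string interpolation, so a password in `item.value` that contains `"` or `\` yields an invalid or altered request payload. Serialising the values avoids that, e.g. `body: "{{ {'password': item.value['password'], 'roles': item.value['roles']} | to_json }}"`. The task starts and ends outside the hunk; if it does not already set `no_log: true`, it should, because the loop items and request body carry passwords that Ansible would otherwise print in task output.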
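Review bot: Removing `creates: /usr/share/kibana/plugins/wazuh/package.json` leaves the install task with no idempotence guard, so every play run re-invokes `kibana-plugin install` and notifies `restart kibana`. On a host where the plugin is already present, the install will most likely fail. Running as `kibana` does not change that path, so the `creates:` line can stay under `args:`. Separately, the archive is fetched from the templated `{{ wazuh_app_url }}` and installed with no integrity check, and the URL still passes through `/bin/bash`. Downloading it first with `get_url` and a pinned `checksum:`, then installing the local file via `command:`, would address both.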
diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 index 5387bf8c..444cef06 100644 --- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 @@ -162,7 +162,6 @@ "data.dstip", "data.dstport", "data.dstuser", - "data.extra_data", "data.hardware.serial", "data.id", "data.integration", @@ -944,9 +943,6 @@ "data": { "type": "keyword" }, - "extra_data": { - "type": "keyword" - }, "system_name": { "type": "keyword" },