diff --git a/ansible-role-elk/tasks/main.yml b/ansible-role-elk/tasks/main.yml
index 4ed89641..0a2962b4 100644
--- a/ansible-role-elk/tasks/main.yml
+++ b/ansible-role-elk/tasks/main.yml
@@ -56,7 +56,7 @@
   command: /bin/bash /usr/share/kibana/bin/kibana-plugin list
   register: kibanainstalled
 
-- name: Restart Kibana if Wazuh-APP is installed
+- name: Install Wazuh-APP (can take a while)
   shell: /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.2.2.zip && service kibana restart
   when: kibanainstalled.stdout.find('wazuh') == -1
 
diff --git a/ansible-wazuh-agent/tasks/Debian.yml b/ansible-wazuh-agent/tasks/Debian.yml
index 56ce748b..3c89a952 100644
--- a/ansible-wazuh-agent/tasks/Debian.yml
+++ b/ansible-wazuh-agent/tasks/Debian.yml
@@ -21,6 +21,11 @@
   apt: update_cache=yes
   when: wazuh_repo.changed
 
+- name: Set Distribution CIS filename for debian
+  set_fact:
+    cis_distribution_filename: cis_debian_linux_rcl.txt
+  when: ansible_os_family == "Debian"
+
 - name: Debian/Ubuntu | Install wazuh-agent
   apt: pkg={{ item }}
        state=present
diff --git a/ansible-wazuh-agent/tasks/RedHat.yml b/ansible-wazuh-agent/tasks/RedHat.yml
index 80e8a177..9d60d9e8 100644
--- a/ansible-wazuh-agent/tasks/RedHat.yml
+++ b/ansible-wazuh-agent/tasks/RedHat.yml
@@ -14,6 +14,22 @@
     gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH
     gpgcheck: yes
 
+
+- name: Set Distribution CIS filename for RHEL5
+  set_fact:
+    cis_distribution_filename: cis_rhel5_linux_rcl.txt
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "5"
+
+- name: Set Distribution CIS filename for RHEL6
+  set_fact:
+    cis_distribution_filename: cis_rhel6_linux_rcl.txt
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6"
+
+- name: Set Distribution CIS filename for RHEL7
+  set_fact:
+    cis_distribution_filename: cis_rhel7_linux_rcl.txt
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"
+
 - name: RedHat | Install Wazuh Agent
   yum: pkg={{ item }}
        state=present
diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 9dd9ef37..f67e889b 100644
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -42,7 +42,7 @@
   {% if ansible_distribution_major_version == '7' %}
   <content type="xccdf" path="ssg-rhel-7-ds.xml">
   {% elif ansible_distribution_major_version == '6' %}
-  <content type="xccdf" path="ssg-rhel-7-ds.xml">
+  <content type="xccdf" path="ssg-rhel-6-ds.xml">
   {% endif %}
   <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
     <profile>xccdf_org.ssgproject.content_profile_common</profile>
@@ -50,4 +50,60 @@
 </wodle>
 {% endif %}
 
+<rootcheck>
+  <disabled>no</disabled>
+  <check_unixaudit>yes</check_unixaudit>
+  <check_files>yes</check_files>
+  <check_trojans>yes</check_trojans>
+  <check_dev>yes</check_dev>
+  <check_sys>yes</check_sys>
+  <check_pids>yes</check_pids>
+  <check_ports>yes</check_ports>
+  <check_if>yes</check_if>
+
+  <!-- Frequency that rootcheck is executed - every 12 hours -->
+  <frequency>43200</frequency>
+
+  <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+  <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+  <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+  <system_audit>/var/ossec/etc/shared/{{ cis_distribution_filename }}</system_audit>
+
+  <skip_nfs>yes</skip_nfs>
+</rootcheck>
+
+<syscheck>
+  <!-- Frequency that syscheck is executed -- default every 20 hours -->
+  <frequency>{{ ossec_agent_config.frequency_check }}</frequency>
+  <scan_on_start>{{ ossec_agent_config.syscheck_scan_on_start }}</scan_on_start>
+
+  <!-- Directories to check  (perform all possible verifications) -->
+{% for directory in ossec_agent_config.directories %}
+ <directories check_all="{{ directory.check_all }}">{{ directory.dirs }}</directories>
+{% endfor %}
+
+  <!-- Files/directories to ignore -->
+  {% for ignore_file in ossec_agent_config.ignore_files %}
+  <ignore>{{ ignore_file }}</ignore>
+  {% endfor %}
+
+  <!-- Files no diff -->
+  {% for no_diff in ossec_agent_config.no_diff %}
+  <nodiff>{{ no_diff }}</nodiff>
+  {% endfor %}
+</syscheck>
+
+<!-- Files to monitor (localfiles) -->
+{% for localfile in ossec_agent_config.localfiles %}
+<localfile>
+   <log_format>{{ localfile.format }}</log_format>
+   {% if localfile.format == 'command' or localfile.format == 'full_command' %}
+   <command>{{ localfile.command }}</command>
+   <frequency>{{ localfile.frequency }}</frequency>
+   {% else %}
+   <location>{{ localfile.location }}</location>
+   {% endif %}
+</localfile>
+{% endfor %}
+
 </ossec_config>
diff --git a/ansible-wazuh-agent/vars/main.yml b/ansible-wazuh-agent/vars/main.yml
index 285e8384..9ceab9e8 100644
--- a/ansible-wazuh-agent/vars/main.yml
+++ b/ansible-wazuh-agent/vars/main.yml
@@ -1,2 +1,43 @@
 ---
 # vars file for ossec-agent
+ossec_agent_config:
+  frequency_check: 43200
+  syscheck_scan_on_start: 'yes'
+  ignore_files:
+    - /etc/mtab
+    - /etc/mnttab
+    - /etc/hosts.deny
+    - /etc/mail/statistics
+    - /etc/random-seed
+    - /etc/random.seed
+    - /etc/adjtime
+    - /etc/httpd/logs
+    - /etc/utmpx
+    - /etc/wtmpx
+    - /etc/cups/certs
+    - /etc/dumpdates
+    - /etc/svc/volatile
+  no_diff:
+    - /etc/ssl/private.key
+  directories:
+    - check_all: 'yes'
+      dirs: /etc,/usr/bin,/usr/sbin
+    - check_all: 'yes'
+      dirs: /bin,/sbin
+  localfiles:
+    - format: 'syslog'
+      location: '/var/log/messages'
+    - format: 'syslog'
+      location: '/var/log/secure'
+    - format: 'command'
+      command: 'df -P'
+      frequency: '360'
+    - format: 'full_command'
+      command: 'netstat -tln | grep -v 127.0.0.1 | sort'
+      frequency: '360'
+    - format: 'full_command'
+      command: 'last -n 20'
+      frequency: '360'
+  globals:
+    - '127.0.0.1'
+    - '192.168.2.1'
diff --git a/ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2 b/ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2
index 572edd9e..d76ccfb8 100644
--- a/ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2
+++ b/ansible-wazuh-server/templates/var-ossec-rules-local_rules.xml.j2
@@ -18,6 +18,14 @@
 
 <group name="local,syslog,">
 
+
+<rule id="5703" level="10" frequency="10" timeframe="360" overwrite="yes">
+  <if_matched_sid>5702</if_matched_sid>
+  <description>sshd: Possible breakin attempt </description>
+  <description>(high number of reverse lookup errors).</description>
+  <group>pci_dss_11.4,</group>
+</rule>
+
   <!-- Note that rule id 5711 is defined at the ssh_rules file
     -  as a ssh failed login. This is just an example
     -  since ip 1.1.1.1 shouldn't be used anywhere.
@@ -30,19 +38,19 @@
     <description>failed logins from IP 1.1.1.1.</description>
   </rule>
   
-  
+
   <!-- This example will ignore ssh failed logins for the user name XYZABC.
     -->
-  <!--  
-  <rule id="100020" level="0">
+  <!--
+  <rule id="100020" level="0" >
     <if_sid>5711</if_sid>
     <user>XYZABC</user>
     <description>Example of rule that will ignore sshd </description>
     <description>failed logins for user XYZABC.</description>
   </rule>
   -->
-  
-  
+
+
   <!-- Specify here a list of rules to ignore. -->
   <!--
   <rule id="100030" level="0">
@@ -50,7 +58,7 @@
     <description>List of rules to be ignored.</description>
   </rule>
   -->
-   
+
 </group> <!-- SYSLOG,LOCAL -->
 
 
diff --git a/ansible-wazuh-server/vars/main.yml b/ansible-wazuh-server/vars/main.yml
index c9b7c2b1..95c8cf27 100644
--- a/ansible-wazuh-server/vars/main.yml
+++ b/ansible-wazuh-server/vars/main.yml
@@ -1,6 +1,6 @@
 ossec_server_config:
   mail_to:
-    - me@example.com
+    - jose@wazuh.com
   mail_smtp_server: localhost
   mail_from: ossec@example.com
   frequency_check: 43200
diff --git a/wazuh-agent.yml b/wazuh-agent.yml
index e2ab4aae..db13438f 100644
--- a/wazuh-agent.yml
+++ b/wazuh-agent.yml
@@ -1,3 +1,3 @@
 - hosts: all:!wazuh-manager
   roles:
-     - { role: ansible-wazuh-agent, ossec_server_ip: 192.168.33.170 }
+     - { role: ansible-wazuh-agent, ossec_server_ip: 192.168.33.169 }
diff --git a/wazuh-manager.yml b/wazuh-manager.yml
index cb37fab0..22139ecf 100644
--- a/wazuh-manager.yml
+++ b/wazuh-manager.yml
@@ -1,4 +1,4 @@
 - hosts: wazuh-manager
   roles:
     - role: ansible-wazuh-server
-    - role: ansible-role-filebeat
+    - { role: ansible-role-filebeat, filebeat_output_logstash_hosts: '192.168.33.177:5000' }