diff --git a/ansible-role-elasticsearch/defaults/main.yml b/ansible-role-elasticsearch/defaults/main.yml
index 93feb04f..c8063a38 100644
--- a/ansible-role-elasticsearch/defaults/main.yml
+++ b/ansible-role-elasticsearch/defaults/main.yml
@@ -3,5 +3,7 @@ elasticsearch_cluster_name: wazuh
elasticsearch_node_name: node-1
elasticsearch_http_port: 9200
elasticsearch_network_host: 127.0.0.1
-elasticsearch_jvm_xms: 2000
-elastic_stack_version: 5.5.0
+elasticsearch_jvm_xms: null
+elastic_stack_version: 5.5.2
+elasticsearch_shards: 5
+elasticsearch_replicas: 1
diff --git a/ansible-role-elasticsearch/tasks/main.yml b/ansible-role-elasticsearch/tasks/main.yml
index 59c02bbb..7e8df66d 100644
--- a/ansible-role-elasticsearch/tasks/main.yml
+++ b/ansible-role-elasticsearch/tasks/main.yml
@@ -31,6 +31,39 @@
enabled: yes
state: started
+- name: Make sure Elasticsearch is running before proceeding
+ wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300
+ tags:
+ - configure
+ - init
+
+- name: Check for Wazuh template
+ uri:
+ url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
+ method: GET
+ status_code: 200, 404
+ register: wazuh_template_exits
+ tags: init
+
+- name: Installing Wazuh template
+ uri:
+ url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh"
+ method: PUT
+ status_code: 200
+ body_format: json
+ body: "{{ lookup('template','wazuh-elastic5-template.json.j2') }}"
+ when: wazuh_template_exits.status != 200
+ tags: init
+
+- name: Injecting sample alert
+ uri:
+ url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/wazuh-alerts-{{ ansible_date_time.date | regex_replace('-', '.') }}/wazuh/sample"
+ method: PUT
+ status_code: 200, 201
+ body_format: json
+ body: "{{ lookup('template','alert_sample.json.j2') }}"
+ tags: init
+
- include: "RMRedHat.yml"
when: ansible_os_family == "RedHat"
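Review bot: The template is only PUT when the GET at L28–L34 returns something other than 200, so once `_template/wazuh` exists, later changes to `elasticsearch_shards` / `elasticsearch_replicas` (the very variables the template now renders) never reach the cluster. An index-template PUT is an upsert, so the install task could run unconditionally and compare the GET body against the rendered template to decide `changed_when`, rather than skipping whenever anything is already there. `status_code: 200, 404` at L32 (and `200, 201` at L50) is a plain scalar that relies on the module's string-to-list coercion; write it as a YAML list, `status_code: [200, 404]`. The registered name `wazuh_template_exits` reads like a typo for `wazuh_template_exists`. The sample-alert task at L46–L53 creates a document on every run and so always reports changed; give it the same existence guard or an explicit `changed_when`.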
diff --git a/ansible-role-elasticsearch/templates/alert_sample.json.j2 b/ansible-role-elasticsearch/templates/alert_sample.json.j2
new file mode 100644
index 00000000..68cf86d7
--- /dev/null
+++ b/ansible-role-elasticsearch/templates/alert_sample.json.j2
@@ -0,0 +1,72 @@
+{
+ "@timestamp": "2015-03-18T15:55:55.000Z",
+ "AlertsFile": "sample",
+ "title": "sample",
+ "full_log": "sample",
+ "id": "sample",
+ "srcuser": "sample",
+ "srcip": "sample",
+ "location": "sample",
+ "GeoLocation": {
+ "country_name": "sample",
+ "location": [0.0,0.0]
+ },
+ "agent": {
+ "name": "sample"
+ },
+ "audit": {
+ "command": "sample",
+ "type": "sample",
+ "egid": "sample",
+ "euid": "sample",
+ "exe": "sample",
+ "gid": "sample",
+ "uid": "sample",
+ "directory": {
+ "name": "sample"
+ },
+ "file": {
+ "mode": "sample",
+ "name": "sample"
+ }
+ },
+ "oscap": {
+ "check": {
+ "result": "sample",
+ "severity": "sample",
+ "title": "sample"
+ },
+ "scan": {
+ "id": "sample",
+ "content": "sample",
+ "score": 1.55,
+ "profile": {
+ "title": "sample"
+ }
+ }
+ },
+ "rule": {
+ "cis": ["sample"],
+ "description": "sample",
+ "groups": ["sample"],
+ "id": "sample",
+ "level": 0,
+ "pci_dss": ["sample"]
+ },
+ "syscheck": {
+ "gname_after": "sample",
+ "gname_before": "sample",
+ "guid_after": "sample",
+ "guid_before": "sample",
+ "md5_after": "sample",
+ "md5_before": "sample",
+ "path": "sample",
+ "perm_after": "sample",
+ "perm_before": "sample",
+ "uid_after": "sample",
+ "uid_before": "sample",
+ "uname_after": "sample",
+ "uname_before": "sample",
+ "event": "sample"
+ }
+}
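Review bot: The sample document carries a fixed `"@timestamp": "2015-03-18T15:55:55.000Z"` while the task that injects it (tasks/main.yml, L48) writes it into the index named after the current date, so the document's timestamp and its index disagree and it presumably falls outside any recent time window in Kibana. Rendering the timestamp from the same fact the index name uses, `"@timestamp": "{{ ansible_date_time.iso8601 }}"`, keeps the two consistent and would be the only Jinja in this `.j2` file, which currently contains none. Because this is a synthetic alert written into the live alerts index and JSON has no comment syntax, the injecting task should carry a comment stating that the document is a placeholder so it is not mistaken for a real event.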
diff --git a/ansible-role-elasticsearch/templates/jvm.options.j2 b/ansible-role-elasticsearch/templates/jvm.options.j2
index 10829b90..576b9cc3 100644
--- a/ansible-role-elasticsearch/templates/jvm.options.j2
+++ b/ansible-role-elasticsearch/templates/jvm.options.j2
@@ -20,7 +20,7 @@
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-{% if elasticsearch_jvm_xms is defined %}
+{% if elasticsearch_jvm_xms is not none %}
{% if elasticsearch_jvm_xms < 32000 %}
-Xms{{ elasticsearch_jvm_xms }}m
-Xmx{{ elasticsearch_jvm_xms }}m
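Review bot: The new `is not none` test at L143 no longer protects the `< 32000` comparison at L144 when the variable is undefined altogether (a consumer that does not load this role's defaults): an undefined value is not `none`, so the comparison runs on an undefined name and the render fails. Combining both tests, `{% if elasticsearch_jvm_xms is defined and elasticsearch_jvm_xms is not none %}`, covers the new `null` default as well as the old "undefined means unset" convention. The `{% if %}` block continues past the end of the hunk.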
diff --git a/ansible-role-elasticsearch/templates/wazuh-elastic5-template.json.j2 b/ansible-role-elasticsearch/templates/wazuh-elastic5-template.json.j2
new file mode 100644
index 00000000..10107191
--- /dev/null
+++ b/ansible-role-elasticsearch/templates/wazuh-elastic5-template.json.j2
@@ -0,0 +1,622 @@
+{
+ "order": 0,
+ "template": "wazuh*",
+ "settings": {
+ "index.refresh_interval": "5s",
+ "number_of_shards": {{ elasticsearch_shards }},
+ "number_of_replicas": {{ elasticsearch_replicas }}
+ },
+ "mappings": {
+ "wazuh": {
+ "dynamic_templates": [
+ {
+ "string_as_keyword": {
+ "match_mapping_type": "string",
+ "mapping": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ }
+ ],
+ "properties": {
+ "@timestamp": {
+ "type": "date",
+ "format": "dateOptionalTime"
+ },
+ "@version": {
+ "type": "text"
+ },
+ "agent": {
+ "properties": {
+ "ip": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "name": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ },
+ "manager": {
+ "properties": {
+ "name": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ },
+ "dstuser": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "AlertsFile": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "full_log": {
+ "type": "text"
+ },
+ "previous_log": {
+ "type": "text"
+ },
+ "GeoLocation": {
+ "properties": {
+ "area_code": {
+ "type": "long"
+ },
+ "city_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "continent_code": {
+ "type": "text"
+ },
+ "coordinates": {
+ "type": "double"
+ },
+ "country_code2": {
+ "type": "text"
+ },
+ "country_code3": {
+ "type": "text"
+ },
+ "country_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "dma_code": {
+ "type": "long"
+ },
+ "ip": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "latitude": {
+ "type": "double"
+ },
+ "location": {
+ "type": "geo_point"
+ },
+ "longitude": {
+ "type": "double"
+ },
+ "postal_code": {
+ "type": "keyword"
+ },
+ "real_region_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "region_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "timezone": {
+ "type": "text"
+ }
+ }
+ },
+ "host": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "syscheck": {
+ "properties": {
+ "path": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "sha1_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "sha1_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "uid_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "uid_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "gid_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "gid_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "perm_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "perm_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "md5_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "md5_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "gname_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "gname_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "inode_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "inode_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "mtime_after": {
+ "type": "date",
+ "format": "dateOptionalTime",
+ "doc_values": "true"
+ },
+ "mtime_before": {
+ "type": "date",
+ "format": "dateOptionalTime",
+ "doc_values": "true"
+ },
+ "uname_after": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "uname_before": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "size_before": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "size_after": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "diff": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "event": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ },
+ "location": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "message": {
+ "type": "text"
+ },
+ "offset": {
+ "type": "keyword"
+ },
+ "rule": {
+ "properties": {
+ "description": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "groups": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "level": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "cve": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "info": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "frequency": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "firedtimes": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "cis": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "pci_dss": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ },
+ "decoder": {
+ "properties": {
+ "parent": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "ftscomment": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "fts": {
+ "type": "long",
+ "doc_values": "true"
+ },
+ "accumulate": {
+ "type": "long",
+ "doc_values": "true"
+ }
+ }
+ },
+ "srcip": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "protocol": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "action": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "dstip": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "dstport": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "srcuser": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "program_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "status": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "command": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "url": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "data": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "system_name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "type": {
+ "type": "text"
+ },
+ "title": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "oscap": {
+ "properties": {
+ "check.title": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "check.id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "check.result": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "check.severity": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "check.description": {
+ "type": "text"
+ },
+ "check.rationale": {
+ "type": "text"
+ },
+ "check.references": {
+ "type": "text"
+ },
+ "check.identifiers": {
+ "type": "text"
+ },
+ "check.oval.id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.content": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.benchmark.id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.profile.title": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.profile.id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "scan.score": {
+ "type": "double",
+ "doc_values": "true"
+ },
+ "scan.return_code": {
+ "type": "long",
+ "doc_values": "true"
+ }
+ }
+ },
+ "audit": {
+ "properties": {
+ "type": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "id": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "syscall": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "exit": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "ppid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "pid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "auid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "uid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "gid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "euid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "suid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "fsuid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "egid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "sgid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "fsgid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "tty": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "session": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "command": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "exe": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "key": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "cwd": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "directory.name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "directory.inode": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "directory.mode": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "file.name": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "file.inode": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "file.mode": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "acct": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "dev": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "enforcing": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "list": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "old-auid": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "old-ses": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "old_enforcing": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "old_prom": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "op": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "prom": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "res": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "srcip": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "subj": {
+ "type": "keyword",
+ "doc_values": "true"
+ },
+ "success": {
+ "type": "keyword",
+ "doc_values": "true"
+ }
+ }
+ }
+ }
+ },
+ "agent": {
+ "properties": {
+ "@timestamp": {
+ "type": "date",
+ "format": "dateOptionalTime"
+ },
+ "status": {
+ "type": "keyword"
+ },
+ "ip": {
+ "type": "keyword"
+ },
+ "host": {
+ "type": "keyword"
+ },
+ "name": {
+ "type": "keyword"
+ },
+ "id": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+}
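Review bot: This new file is a byte-for-byte copy of the logstash role's template — both files now carry blob id 10107191 in their index lines (L149 and L841) — so the Elasticsearch mapping is maintained in two places that will drift the first time one of them is edited. Keep a single copy and reference it from both roles (a shared templates directory or a role dependency). Within the file, `"doc_values": "true"` is a string where a JSON boolean `true` is the canonical form, and the unquoted `{{ elasticsearch_shards }}` / `{{ elasticsearch_replicas }}` at L158–L159 (and at L850–L851 in the logstash copy) render as invalid JSON if either variable is overridden to `null`; `{{ elasticsearch_shards | int }}` or a `default()` filter guards against that.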
diff --git a/ansible-role-kibana/defaults/main.yml b/ansible-role-kibana/defaults/main.yml
index 339df35f..b68a998a 100644
--- a/ansible-role-kibana/defaults/main.yml
+++ b/ansible-role-kibana/defaults/main.yml
@@ -3,4 +3,4 @@ elasticsearch_http_port: "9200"
elasticsearch_network_host: "127.0.0.1"
kibana_server_host: "0.0.0.0"
kibana_server_port: "5601"
-elastic_stack_version: 5.5.0
+elastic_stack_version: 5.5.2
diff --git a/ansible-role-kibana/tasks/main.yml b/ansible-role-kibana/tasks/main.yml
index 83d465f7..d68ebda2 100644
--- a/ansible-role-kibana/tasks/main.yml
+++ b/ansible-role-kibana/tasks/main.yml
@@ -35,7 +35,7 @@
tags: install
- name: Install Wazuh-APP (can take a while)
- shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_{{ elastic_stack_version }}.zip"
+ shell: "/usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-2.1.0_{{ elastic_stack_version }}.zip"
args:
creates: /usr/share/kibana/plugins/wazuh/package.json
notify: restart kibana
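Review bot: The Wazuh app version `2.1.0` is now hard-coded inside the shell string at L793 while the Elastic version is a variable; a `wazuh_app_version` default next to `elastic_stack_version` would keep the two upgrade points together (the agent role already carries its own version as `wazuh_winagent_config.version: '2.1.0'`). The command uses no shell features, so `command:` is the usual choice over `shell:`. Unlike the Windows installer task in this same change set, the plugin archive is installed straight from the URL with no integrity check; if the package repository publishes digests, a `get_url` with `checksum:` into a temporary path followed by `kibana-plugin install file://…` would give the same verification here.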
diff --git a/ansible-role-logstash/defaults/main.yml b/ansible-role-logstash/defaults/main.yml
index 0eba9a32..a4563477 100644
--- a/ansible-role-logstash/defaults/main.yml
+++ b/ansible-role-logstash/defaults/main.yml
@@ -4,7 +4,9 @@ logstash_input_beats: false
elasticsearch_network_host: "127.0.0.1"
elasticsearch_http_port: "9200"
-elastic_stack_version: 5.5.0
+elasticsearch_shards: 5
+elasticsearch_replicas: 1
+elastic_stack_version: 5.5.2
logstash_ssl: false
logstash_ssl_dir: /etc/pki/logstash
diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml
index 8ed0440d..3bb7976a 100644
--- a/ansible-role-logstash/tasks/Debian.yml
+++ b/ansible-role-logstash/tasks/Debian.yml
@@ -42,6 +42,7 @@
- name: Debian/Ubuntu | Checking if wazuh-manager is installed
command: dpkg -l wazuh-manager
register: wazuh_manager_check_deb
+ when: logstash_input_beats == false
args:
warn: no
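Review bot: `when: logstash_input_beats == false` at L818 (and its RedHat counterpart at L829) compares against a literal boolean; `when: not (logstash_input_beats | bool)` is the idiomatic form and also behaves correctly when the value arrives as the string `"false"` from `--extra-vars`. Since the task is now skipped in beats mode, `wazuh_manager_check_deb` is registered as a skipped result with no `rc` or `stdout`; any later task that reads those fields (outside this hunk) needs a `is not skipped` or `is defined` guard.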
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml
index 51df05da..eff66dc5 100644
--- a/ansible-role-logstash/tasks/RedHat.yml
+++ b/ansible-role-logstash/tasks/RedHat.yml
@@ -28,6 +28,7 @@
- name: RedHat/CentOS/Fedora | Checking if wazuh-manager is installed
command: rpm -q wazuh-manager
register: wazuh_manager_check_rpm
+ when: logstash_input_beats == false
args:
warn: no
diff --git a/ansible-role-logstash/templates/01-wazuh.conf.j2 b/ansible-role-logstash/templates/01-wazuh.conf.j2
index bbfdb32a..58c19101 100644
--- a/ansible-role-logstash/templates/01-wazuh.conf.j2
+++ b/ansible-role-logstash/templates/01-wazuh.conf.j2
@@ -1,3 +1,4 @@
+#jinja2: trim_blocks:False
# {{ ansible_managed }}
# Wazuh - Logstash configuration file
diff --git a/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2 b/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
index f3611d4a..10107191 100644
--- a/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
+++ b/ansible-role-logstash/templates/wazuh-elastic5-template.json.j2
@@ -3,8 +3,8 @@
"template": "wazuh*",
"settings": {
"index.refresh_interval": "5s",
- "number_of_shards" : 1,
- "number_of_replicas" : 0
+ "number_of_shards": {{ elasticsearch_shards }},
+ "number_of_replicas": {{ elasticsearch_replicas }}
},
"mappings": {
"wazuh": {
diff --git a/ansible-wazuh-agent/defaults/main.yml b/ansible-wazuh-agent/defaults/main.yml
index 22682137..def57641 100644
--- a/ansible-wazuh-agent/defaults/main.yml
+++ b/ansible-wazuh-agent/defaults/main.yml
@@ -1,12 +1,29 @@
---
-wazuh_manager_ip: 127.0.0.1
-wazuh_manager_proto: udp
-wazuh_authd_port: 1515
-wazuh_register_client: false
+wazuh_manager_ip: null
+wazuh_profile: null
+wazuh_manager_proto: tcp
+wazuh_agent_authd:
+ enable: false
+ port: 1515
+ ssl_agent_ca: null
+ ssl_agent_cert: null
+ ssl_agent_key: null
+ ssl_auto_negotiate: 'no'
+wazuh_notify_time: null
+wazuh_time_reconnect: null
+wazuh_winagent_config:
+ install_dir: 'C:\wazuh-agent\'
+ version: '2.1.0'
+ revision: '1'
+ repo: https://packages.wazuh.com/windows/
+ md5: 715fbd55f670c2cecc607f2cbd0b2310
wazuh_agent_config:
+ log_format: 'plain'
syscheck:
frequency: 43200
scan_on_start: 'yes'
+ auto_ignore: 'no'
+ alert_new_files: 'yes'
ignore:
- /etc/mtab
- /etc/mnttab
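Review bot: `md5: 715fbd55f670c2cecc607f2cbd0b2310` at L882 is an unquoted plain scalar; this particular value contains letters and so stays a string, but a digest that happens to be all digits would be parsed as an integer and the comparison in Windows.yml (`installer_md5.stat.checksum != wazuh_winagent_config.md5`) would then never match. Quote it, `md5: '715fbd55f670c2cecc607f2cbd0b2310'`, as `version` and `revision` just above already are. Since `win_stat` also accepts `checksum_algorithm: sha256`, checking a SHA-256 digest would be a stronger integrity check on the installer than MD5 if one is published.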
@@ -28,6 +45,10 @@ wazuh_agent_config:
checks: 'check_all="yes"'
- dirs: /bin,/sbin
checks: 'check_all="yes"'
+ windows_registry:
+ - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
+ arch: 'both'
+ - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
rootcheck:
frequency: 43200
openscap:
diff --git a/ansible-wazuh-agent/handlers/main.yml b/ansible-wazuh-agent/handlers/main.yml
index f778a145..bb84954e 100644
--- a/ansible-wazuh-agent/handlers/main.yml
+++ b/ansible-wazuh-agent/handlers/main.yml
@@ -1,3 +1,6 @@
---
- name: restart wazuh-agent
service: name=wazuh-agent state=restarted enabled=yes
+
+- name: restart wazuh-agent windows
+ win_service: name=OssecSvc start_mode=auto state=restarted
diff --git a/ansible-wazuh-agent/tasks/Linux.yml b/ansible-wazuh-agent/tasks/Linux.yml
new file mode 100644
index 00000000..2ebfe29c
--- /dev/null
+++ b/ansible-wazuh-agent/tasks/Linux.yml
@@ -0,0 +1,89 @@
+---
+- include: "RedHat.yml"
+ when: ansible_os_family == "RedHat"
+
+- include: "Debian.yml"
+ when: ansible_os_family == "Debian"
+
+- name: Linux | Install wazuh-agent
+ package: name=wazuh-agent state=latest
+ tags:
+ - init
+
+- name: Retrieving authd Credentials
+ include_vars: authd_pass.yml
+ tags:
+ - config
+
+- name: Copy CA, SSL key and cert for authd
+ copy:
+ src: "{{ item }}"
+ dest: "/var/ossec/etc/{{ item | basename }}"
+ mode: 0644
+ with_items:
+ - "{{ wazuh_agent_authd.ssl_agent_ca }}"
+ - "{{ wazuh_agent_authd.ssl_agent_cert }}"
+ - "{{ wazuh_agent_authd.ssl_agent_key }}"
+ tags:
+ - config
+ when:
+ - wazuh_agent_authd.ssl_agent_ca is not none
+ - wazuh_agent_authd.enable == true
+
+- name: Linux | Check if client.keys exists
+ stat: path=/var/ossec/etc/client.keys
+ register: check_keys
+ tags:
+ - config
+
+- name: Linux | Register agent
+ shell: >
+ /var/ossec/bin/agent-auth
+ -m {{ wazuh_manager_ip }}
+ -p {{ wazuh_agent_authd.port }}
+ {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
+ {% if wazuh_agent_authd.ssl_agent_ca is not none %}
+ -v "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_ca | basename }}"
+ -x "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_cert | basename }}"
+ -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
+ {% endif %}
+ {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %}-a{% endif %}
+ register: agent_auth_output
+ when:
+ - wazuh_agent_authd.enable == true
+ - check_keys.stat.size == 0
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Linux | Verify agent registration
+ shell: echo {{ agent_auth_output }} | grep "Valid key created"
+ when:
+ - wazuh_agent_authd.enable == true
+ - check_keys.stat.size == 0
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Linux | Installing agent configuration (ossec.conf)
+ template: src=var-ossec-etc-ossec-agent.conf.j2
+ dest=/var/ossec/etc/ossec.conf
+ owner=root
+ group=ossec
+ mode=0644
+ notify: restart wazuh-agent
+ tags:
+ - init
+ - config
+
+- name: Linux | Ensure Wazuh Agent service is started and enabled
+ service:
+ name: wazuh-agent
+ enabled: yes
+ state: started
+
+- include: "RMRedHat.yml"
+ when: ansible_os_family == "RedHat"
+
+- include: "RMDebian.yml"
+ when: ansible_os_family == "Debian"
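Review bot: The copy loop at L938–L951 installs the agent's private key (`ssl_agent_key`) with `mode: 0644`, world-readable, using the same mode as the CA and certificate; the key needs its own copy task with a restrictive mode such as `mode: '0640'`, `owner: root`, `group: ossec`, and the mode should be a quoted string in any case. The registration task at L959–L977 passes `-P {{ authd_pass }}` on the command line, so the password appears in task output and logs unless the task carries `no_log: true`, and the verification task at L979–L986 then echoes the entire registered dict — `cmd` string included — back through a shell, which re-exposes the password and breaks on shell metacharacters. A safer check is to drop the echo task and put `failed_when: "'Valid key created' not in agent_auth_output.stdout"` on the registration task itself. `check_keys.stat.size == 0` at L974 presumes client.keys exists; if it does not, `stat.size` is undefined and the condition errors, whereas Windows.yml tests `stat.exists`. `package: name=wazuh-agent state=latest` at L929 (and the same `state=latest` in the manager role at L1402) upgrades the package on every run that finds a newer version, which makes the play non-idempotent and lets an unreviewed package reach hosts; `state=present` or an explicit version keeps upgrades deliberate.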
diff --git a/ansible-wazuh-agent/tasks/RMDebian.yml b/ansible-wazuh-agent/tasks/RMDebian.yml
index 81befd12..a392c44d 100644
--- a/ansible-wazuh-agent/tasks/RMDebian.yml
+++ b/ansible-wazuh-agent/tasks/RMDebian.yml
@@ -1,4 +1,5 @@
---
-- apt_repository:
+- name: Remove Wazuh repository (and clean up left-over metadata)
+ apt_repository:
repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main
state: absent
diff --git a/ansible-wazuh-agent/tasks/Windows.yml b/ansible-wazuh-agent/tasks/Windows.yml
new file mode 100644
index 00000000..0de57d7b
--- /dev/null
+++ b/ansible-wazuh-agent/tasks/Windows.yml
@@ -0,0 +1,79 @@
+---
+- name: Windows | Get current installed version
+ win_shell: "{{ wazuh_winagent_config.install_dir }}ossec-agent.exe -h"
+ args:
+ removes: "{{ wazuh_winagent_config.install_dir }}ossec-agent.exe"
+ register: agent_version
+ failed_when: False
+ changed_when: False
+
+- name: Windows | Check Wazuh agent version installed
+ set_fact: correct_version=true
+ when:
+ - agent_version.stdout is defined
+ - wazuh_winagent_config.version in agent_version.stdout
+
+- name: Windows | Downloading windows Wazuh agent installer
+ win_get_url:
+ dest: C:\wazuh-agent-installer.exe
+ url: "{{ wazuh_winagent_config.repo }}wazuh-winagent-v{{ wazuh_winagent_config.version }}-{{ wazuh_winagent_config.revision }}.exe"
+ when:
+ - correct_version is not defined
+
+- name: Windows | Verify the downloaded Wazuh agent installer
+ win_stat:
+ path: C:\wazuh-agent-installer.exe
+ get_checksum: yes
+ checksum_algorithm: md5
+ register: installer_md5
+ when:
+ - correct_version is not defined
+ failed_when:
+ - installer_md5.stat.checksum != wazuh_winagent_config.md5
+
+- name: Windows | Install Wazuh agent
+ win_shell: C:\wazuh-agent-installer.exe /S /D={{ wazuh_winagent_config.install_dir }}
+ when:
+ - correct_version is not defined
+
+- name: Windows | Check if client.keys exists
+ win_stat: path="{{ wazuh_winagent_config.install_dir }}client.keys"
+ register: check_windows_key
+ notify: restart wazuh-agent windows
+ tags:
+ - config
+
+- name: Retrieving authd Credentials
+ include_vars: authd_pass.yml
+ tags:
+ - config
+
+- name: Windows | Register agent
+ win_shell: >
+ {{ wazuh_winagent_config.install_dir }}agent-auth.exe
+ -m {{ wazuh_manager_ip }}
+ -p {{ wazuh_agent_authd.port }}
+ {% if authd_pass is defined %}-P {{ authd_pass }}{% endif %}
+ args:
+ chdir: "{{ wazuh_winagent_config.install_dir }}"
+ register: agent_auth_output
+ notify: restart wazuh-agent windows
+ when:
+ - wazuh_agent_authd.enable == true
+ - check_windows_key.stat.exists == false
+ - wazuh_manager_ip is not none
+ tags:
+ - config
+
+- name: Windows | Installing agent configuration (ossec.conf)
+ win_template:
+ src: var-ossec-etc-ossec-agent.conf.j2
+ dest: "{{ wazuh_winagent_config.install_dir }}ossec.conf"
+ notify: restart wazuh-agent windows
+ tags:
+ - config
+
+- name: Windows | Delete downloaded Wazuh agent installer file
+ win_file:
+ path: C:\wazuh-agent-installer.exe
+ state: absent
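Review bot: The registration task at L1077–L1092 passes `-P {{ authd_pass }}` to `win_shell` and registers the output but, unlike Linux.yml, never checks it, so a failed enrolment goes unnoticed while the password is written to task output and logs; add `no_log: true` and `failed_when: "'Valid key created' not in agent_auth_output.stdout"` (if the Windows agent-auth prints the same message — confirm). The `notify: restart wazuh-agent windows` on the `win_stat` task at L1065–L1070 never fires, because a stat task does not report changed. The installer is verified after download at L1049–L1058 but only against MD5; `win_stat` accepts `checksum_algorithm: sha256`, which is the stronger choice if a SHA-256 digest is available. `/D={{ wazuh_winagent_config.install_dir }}` at L1061 receives the default value with its trailing backslash (`C:\wazuh-agent\`); whether the installer accepts that form is not visible here and is worth confirming.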
diff --git a/ansible-wazuh-agent/tasks/main.yml b/ansible-wazuh-agent/tasks/main.yml
index 9f332b81..ade60835 100644
--- a/ansible-wazuh-agent/tasks/main.yml
+++ b/ansible-wazuh-agent/tasks/main.yml
@@ -1,47 +1,6 @@
---
-- include: "RedHat.yml"
- when: ansible_os_family == "RedHat"
+- include: "Windows.yml"
+ when: ansible_os_family == "Windows"
-- include: "Debian.yml"
- when: ansible_os_family == "Debian"
-
-- name: Install wazuh-agent
- package: name=wazuh-agent state=present
- tags:
- - init
-
-- name: "Register agent"
- shell: /var/ossec/bin/agent-auth -m {{ wazuh_manager_ip }} -p {{ wazuh_authd_port }}
- register: agent_auth_output
- when: wazuh_register_client == true
- tags:
- - config
-
-- name: "Verify agent registration"
- shell: echo {{ agent_auth_output }} | grep "Valid key created"
- when: wazuh_register_client == true
- tags:
- - config
-
-- name: "Installing agent configuration (ossec.conf)"
- template: src=var-ossec-etc-ossec-agent.conf.j2
- dest=/var/ossec/etc/ossec.conf
- owner=root
- group=ossec
- mode=0644
- notify: restart wazuh-agent
- tags:
- - init
- - config
-
-- name: Ensure Wazuh Agent service is started and enabled
- service:
- name: wazuh-agent
- enabled: yes
- state: started
-
-- include: "RMRedHat.yml"
- when: ansible_os_family == "RedHat"
-
-- include: "RMDebian.yml"
- when: ansible_os_family == "Debian"
+- include: "Linux.yml"
+ when: ansible_system == "Linux"
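Review bot: After this change a host that is neither `ansible_os_family == "Windows"` nor `ansible_system == "Linux"` (a BSD or macOS agent, for instance) matches no include and the role silently does nothing. If only those two platforms are supported, a leading `fail:` task with `when: ansible_system != "Linux" and ansible_os_family != "Windows"` makes that explicit, and the use of `ansible_os_family` for one branch but `ansible_system` for the other deserves a one-line comment explaining why the facts differ.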
diff --git a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
index 35c83fbb..d50fd470 100644
--- a/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
+++ b/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2
@@ -1,4 +1,4 @@
-#jinja2: lstrip_blocks: True
+#jinja2: trim_blocks: False
{{ wazuh_agent_config.rootcheck.frequency }}
+ {% if ansible_os_family == "Windows" %}
+ ./shared/win_audit_rcl.txt
+ ./shared/win_applications_rcl.txt
+ ./shared/win_malware_rcl.txt
+ {% endif %}
+
+ {% if ansible_system == "Linux" %}
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/shared/system_audit_rcl.txt
@@ -42,11 +61,23 @@
{% if cis_distribution_filename is defined %}
/var/ossec/etc/shared/{{ cis_distribution_filename }}
{% endif %}
+ {% endif %}
yes
+ no
+ {% if ansible_os_family == "Windows" %}
+ C:\wazuh-agent
+ {% endif %}
+
+ {% if ansible_system == "Linux" %}
+ /var/ossec/etc/shared
+ {% endif %}
+
+ {{ wazuh_agent_config.syscheck.auto_ignore }}
+ {{ wazuh_agent_config.syscheck.alert_new_files }}
{{ wazuh_agent_config.syscheck.frequency }}
{{ wazuh_agent_config.syscheck.scan_on_start }}
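Review bot: The Windows branch at L1186–L1188 hard-codes `C:\wazuh-agent` while the installer, ossec.conf destination and agent-auth path in Windows.yml all derive from `wazuh_winagent_config.install_dir`; rendering that variable here (with its trailing backslash stripped) keeps the configuration consistent when the install directory is overridden. The XML element markup around these values appears to have been stripped in this view of the patch, so the exact element each value belongs to cannot be confirmed from here. In the next hunk, `ansible_system == "Linux"%}` at L1213 is missing the space before `%}` that every other tag in the file has.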
@@ -69,9 +100,19 @@
{% for no_diff in wazuh_agent_config.syscheck.no_diff %}
{{ no_diff }}
{% endfor %}
+
+ {% if ansible_os_family == "Windows" %}
+ {% for registry_key in wazuh_agent_config.syscheck.windows_registry %}
+ {% if registry_key.arch is defined %}
+ {{ registry_key.key }}
+ {% else %}
+ {{ registry_key.key }}
+ {% endif %}
+ {% endfor %}
+ {% endif %}
- {% if wazuh_agent_config.openscap.disable == 'no' %}
+ {% if wazuh_agent_config.openscap.disable == 'no' and ansible_system == "Linux"%}
no
{{ wazuh_agent_config.openscap.timeout }}
diff --git a/ansible-wazuh-agent/vars/authd_pass.yml b/ansible-wazuh-agent/vars/authd_pass.yml
new file mode 100644
index 00000000..df5e2bbf
--- /dev/null
+++ b/ansible-wazuh-agent/vars/authd_pass.yml
@@ -0,0 +1,2 @@
+---
+#authd_pass: 'foobar'
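Review bot: `vars/authd_pass.yml` is loaded by `include_vars` in both Linux.yml and Windows.yml and is the place a real enrolment password gets uncommented into, which puts the secret into version control in clear text. A header comment should state the expected handling, for example `# authd_pass is passed to agent-auth -P on every agent; keep this file encrypted with ansible-vault (or load the value from a secret store) rather than committing it in clear text`. The tasks that consume it should carry `no_log: true` so the value does not surface in play output.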
diff --git a/ansible-wazuh-manager/defaults/main.yml b/ansible-wazuh-manager/defaults/main.yml
index 5faf962a..28fbee8c 100644
--- a/ansible-wazuh-manager/defaults/main.yml
+++ b/ansible-wazuh-manager/defaults/main.yml
@@ -5,16 +5,56 @@ wazuh_manager_config:
json_output: 'yes'
alerts_log: 'yes'
logall: 'no'
+ log_format: 'plain'
+ connection:
+ - type: 'secure'
+ port: '1514'
+ protocol: 'tcp'
authd:
enable: false
- email_notification: no
+ port: 1515
+ use_source_ip: 'no'
+ force_insert: 'no'
+ force_time: 0
+ purge: 'no'
+ use_password: 'no'
+ ssl_agent_ca: null
+ ssl_verify_host: 'no'
+ ssl_manager_cert: null
+ ssl_manager_key: null
+ ssl_auto_negotiate: 'no'
+ email_notification: 'no'
mail_to:
- - admin@example.net
+ - 'admin@example.net'
mail_smtp_server: localhost
mail_from: wazuh-server@example.com
+ extra_emails:
+ - enable: false
+ mail_to: 'admin@example.net'
+ format: full
+ level: 7
+ event_location: null
+ group: null
+ do_not_delay: false
+ do_not_group: false
+ rule_id: null
+ reports:
+ - enable: false
+ category: 'syscheck'
+ title: 'Daily report: File changes'
+ email_to: 'admin@example.net'
+ location: null
+ group: null
+ rule: null
+ level: null
+ srcip: null
+ user: null
+ showlogs: null
syscheck:
frequency: 43200
scan_on_start: 'yes'
+ auto_ignore: 'no'
+ alert_new_files: 'yes'
ignore:
- /etc/mtab
- /etc/mnttab
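Review bot: The new `authd` block mixes scalar types for like values: `connection[0].port: '1514'` is a quoted string while `authd.port: 1515` is a bare integer, and `enable: false` is a boolean while `use_password: 'no'`, `purge: 'no'` and `email_notification: 'no'` are strings. Pick one representation per kind (integers for ports, `true`/`false` for flags unless the template compares against `'yes'`/`'no'` literally) so that an inventory override does not silently miss a comparison. `ssl_verify_host: 'no'` as the default appears to disable host verification of agent certificates even when `ssl_agent_ca` is supplied; a one-line comment advising `'yes'` whenever a CA is configured would help operators.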
@@ -61,10 +101,6 @@ wazuh_manager_config:
globals:
- '127.0.0.1'
- '192.168.2.1'
- connection:
- - type: 'secure'
- port: '1514'
- protocol: 'tcp'
commands:
- name: 'disable-account'
executable: 'disable-account.sh'
@@ -74,6 +110,10 @@ wazuh_manager_config:
executable: 'restart-ossec.sh'
expect: ''
timeout_allowed: 'no'
+ - name: 'win_restart-ossec'
+ executable: 'restart-ossec.cmd'
+ expect: ''
+ timeout_allowed: 'no'
- name: 'firewall-drop'
executable: 'firewall-drop.sh'
expect: 'srcip'
@@ -91,26 +131,45 @@ wazuh_manager_config:
expect: 'srcip'
timeout_allowed: 'yes'
active_responses:
+ - command: 'restart-ossec'
+ location: 'local'
+ rules_id: '100002'
+ - command: 'win_restart-ossec'
+ location: 'local'
+ rules_id: '100003'
- command: 'host-deny'
location: 'local'
level: 6
timeout: 600
+ syslog_outputs:
+ - server: null
+ port: null
+ format: null
wazuh_agent_configs:
- type: os
- type_value: linux
- frequency_check: 79200
- ignore_files:
+ type_value: Linux
+ syscheck:
+ frequency: 43200
+ scan_on_start: 'yes'
+ auto_ignore: 'no'
+ alert_new_files: 'yes'
+ ignore:
- /etc/mtab
- /etc/mnttab
- /etc/hosts.deny
- /etc/mail/statistics
- /etc/svc/volatile
- directories:
- - check_all: yes
- dirs: /etc,/usr/bin,/usr/sbin
- - check_all: yes
- dirs: /bin,/sbin
+ no_diff:
+ - /etc/ssl/private.key
+ directories:
+ - dirs: /etc,/usr/bin,/usr/sbin
+ checks: 'check_all="yes"'
+ - dirs: /bin,/sbin
+ checks: 'check_all="yes"'
+ rootcheck:
+ frequency: 43200
+ cis_distribution_filename: null
localfiles:
- format: 'syslog'
location: '/var/log/messages'
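Review bot: `syslog_outputs` now defaults to a one-element list whose `server`, `port` and `format` are all `null` (L1323–L1326); the task removed later in this patch guarded on `wazuh_manager_config.syslog_outputs is defined`, which is always true against this default, so whatever now renders the syslog output (outside this hunk) must skip entries with a null `server` explicitly — or the default should be an empty list, `syslog_outputs: []`. The `restart-ossec` / `win_restart-ossec` active responses reference `rules_id: '100002'` and `'100003'`, custom-range rule ids that are not defined anywhere on this page; a comment naming where those rules live would save the next reader a search.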
@@ -124,3 +183,19 @@ wazuh_agent_configs:
location: '/var/log/httpd/access_log'
- format: 'apache'
location: '/var/ossec/logs/active-responses.log'
+ - type: os
+ type_value: Windows
+ syscheck:
+ frequency: 43200
+ scan_on_start: 'yes'
+ auto_ignore: 'no'
+ alert_new_files: 'yes'
+ windows_registry:
+ - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
+ arch: 'both'
+ - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
+ localfiles:
+ - format: 'Security'
+ location: 'eventchannel'
+ - format: 'System'
+ location: 'eventlog'
diff --git a/ansible-wazuh-manager/handlers/main.yml b/ansible-wazuh-manager/handlers/main.yml
index 2d799c45..924ee738 100644
--- a/ansible-wazuh-manager/handlers/main.yml
+++ b/ansible-wazuh-manager/handlers/main.yml
@@ -1,4 +1,7 @@
---
+- name: rebuild cdb_lists
+ shell: /var/ossec/bin/ossec-makelists
+
- name: restart wazuh-manager
service: name=wazuh-manager
state=restarted
diff --git a/ansible-wazuh-manager/tasks/main.yml b/ansible-wazuh-manager/tasks/main.yml
index 28249694..d5991aae 100644
--- a/ansible-wazuh-manager/tasks/main.yml
+++ b/ansible-wazuh-manager/tasks/main.yml
@@ -6,7 +6,7 @@
when: ansible_os_family == "Debian"
- name: Install wazuh-manager, wazuh-api and expect
- package: pkg={{ item }} state=present
+ package: pkg={{ item }} state=latest
with_items:
- wazuh-manager
- wazuh-api
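Review bot: Switching the install task to `state=latest` turns every configuration run into an unconditional upgrade of wazuh-manager, wazuh-api and their dependencies, which is neither idempotent nor reproducible and lets an unreviewed upstream release land on the manager during a routine run. Keep `state=present` for the normal path and, if upgrades are wanted, either pin the version the role installs (the elasticsearch role already carries an `elastic_stack_version` variable for that purpose) or put the `latest` behaviour behind a dedicated upgrade tag. The `with_items` list continues outside the hunk.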
@@ -21,7 +21,7 @@
chdir: /var/ossec/etc/
tags:
- config
- when: wazuh_manager_config.authd.ssl_agent_ca is not defined
+ when: not wazuh_manager_config.authd.ssl_agent_ca is not none
- name: Copy CA, SSL key and cert for authd
copy:
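Review bot: The new condition `when: not wazuh_manager_config.authd.ssl_agent_ca is not none` is a double negation that reads as the opposite of what it means; `when: wazuh_manager_config.authd.ssl_agent_ca is none` is equivalent (`is` binds tighter than `not`) and clearer. Both this condition and the `is not none` on the "Copy CA, SSL key and cert for authd" task in the next hunk drop the old `is defined` guard, so a configuration that omits the `ssl_agent_ca` key now fails with an undefined variable instead of taking the self-signed path; if the role defaults do not guarantee the key, `wazuh_manager_config.authd.ssl_agent_ca | default(none) is none` keeps that case working. The task this condition belongs to starts outside the hunk.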
@@ -34,7 +34,7 @@
- "{{ wazuh_manager_config.authd.ssl_manager_key }}"
tags:
- config
- when: wazuh_manager_config.authd.ssl_agent_ca is defined
+ when: wazuh_manager_config.authd.ssl_agent_ca is not none
- name: Verifying for old init authd service
stat: path=/etc/init.d/ossec-authd
@@ -90,7 +90,7 @@
- name: Configure the shared-agent.conf
template: src=var-ossec-etc-shared-agent.conf.j2
dest=/var/ossec/etc/shared/agent.conf
- owner=root
+ owner=ossec
group=ossec
mode=0640
notify: restart wazuh-manager
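Review bot: Changing the owner of shared/agent.conf from root to ossec gives the manager's service account write access (mode 0640 is owner-writable) to the configuration that is pushed to every agent. If a manager component needs to write that file — this looks like upstream Wazuh's own recommendation for agent.conf, but confirm it against the documentation for the installed version — a short comment on the task saying so would stop a later reviewer from reverting it to root; if not, `owner=root group=ossec mode=0640` keeps the file read-only to the daemons. The local rule added later in this commit alerts on modification of agent.conf, which is useful detection but not a substitute for keeping the write set minimal.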
@@ -98,61 +98,85 @@
- init
- config
-- name: Check if client-syslog is enabled
- shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-csyslogd is running' | xargs echo"
- register: csyslog_running
- changed_when: False
-
-- name: Enable client-syslog
- command: /var/ossec/bin/ossec-control enable client-syslog
- when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
-
-- name: Start client-syslog
- command: /var/ossec/bin/ossec-control start client-syslog
- when: csyslog_running.stdout == '0' and wazuh_manager_config.syslog_outputs is defined
-
-- name: Check if ossec-agentlessd is enabled
- shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-agentlessd is running' | xargs echo"
- register: agentless_running
- changed_when: False
-
-- name: Enable ossec-agentlessd
- command: /var/ossec/bin/ossec-control enable agentless
- when: agentless_running.stdout == '0' and agentless_creeds is defined
-
-- name: Start ossec-agentlessd
- command: /var/ossec/bin/ossec-control start agentless
- when: agentless_running.stdout == '0' and agentless_creeds is defined
-
-- name: Check if ossec-authd is enabled
- shell: "/var/ossec/bin/ossec-control status | grep -c 'ossec-authd is running' | xargs echo"
- register: authd_running
- changed_when: False
-
-- name: Enable ossec-authd
- command: /var/ossec/bin/ossec-control enable auth
- when:
- - authd_running.stdout == '0'
- - wazuh_manager_config.authd.enable == true
-
-- name: Start ossec-authd
- command: /var/ossec/bin/ossec-control start auth
- when:
- - authd_running.stdout == '0'
- - wazuh_manager_config.authd.enable == true
+- name: Retrieving Agentless Credentials
+ include_vars: agentless_creeds.yml
+ tags:
+ - config
- name: Retrieving authd Credentials
include_vars: authd_pass.yml
tags:
- config
-- name: Retrieving Agentless Credentials
- include_vars: agentless_creeds.yml
+- name: Retrieving Wazuh-api User Credentials
+ include_vars: wazuh_api_creds.yml
tags:
- config
-- name: Retrieving Wazuh-api User Credentials
- include_vars: wazuh_api_creds.yml
+- name: Retrieving CDB lists
+ include_vars: cdb_lists.yml
+ tags:
+ - config
+
+- name: Check if syslog output is enabled
+ set_fact: syslog_output=true
+ when: item.server is not none
+ with_items:
+ - "{{ wazuh_manager_config.syslog_outputs }}"
+ tags:
+ - config
+
+- name: Check if client-syslog is enabled
+ shell: "grep -c 'ossec-csyslogd' /var/ossec/bin/.process_list | xargs echo"
+ args:
+ removes: /var/ossec/bin/.process_list
+ changed_when: False
+ register: csyslog_enabled
+ tags:
+ - config
+
+- name: Enable client-syslog
+ command: /var/ossec/bin/ossec-control enable client-syslog
+ notify: restart wazuh-manager
+ when:
+ - csyslog_enabled.stdout == '0' or "skipped" in csyslog_enabled.stdout
+ - syslog_output is defined and syslog_output == true
+ tags:
+ - config
+
+- name: Check if ossec-agentlessd is enabled
+ shell: "grep -c 'ossec-agentlessd' /var/ossec/bin/.process_list | xargs echo"
+ args:
+ removes: /var/ossec/bin/.process_list
+ changed_when: False
+ register: agentlessd_enabled
+ tags:
+ - config
+
+- name: Enable ossec-agentlessd
+ command: /var/ossec/bin/ossec-control enable agentless
+ notify: restart wazuh-manager
+ when:
+ - agentlessd_enabled.stdout == '0' or "skipped" in agentlessd_enabled.stdout
+ - agentless_creeds is defined
+ tags:
+ - config
+
+- name: Check if ossec-authd is enabled
+ shell: "grep -c 'ossec-authd' /var/ossec/bin/.process_list | xargs echo"
+ args:
+ removes: /var/ossec/bin/.process_list
+ changed_when: False
+ register: authd_enabled
+ tags:
+ - config
+
+- name: Enable ossec-authd
+ command: /var/ossec/bin/ossec-control enable auth
+ notify: restart wazuh-manager
+ when:
+ - authd_enabled.stdout == '0' or "skipped" in authd_enabled.stdout
+ - wazuh_manager_config.authd.enable == true
tags:
- config
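Review bot: The three credential `include_vars` tasks ("Retrieving Agentless Credentials", "Retrieving authd Credentials", "Retrieving Wazuh-api User Credentials") carry no `no_log: true`, so the loaded secrets are part of the task result and show up in verbose (`-v`) output and in any callback that records results; add `no_log: true` to each of them (the CDB lists include does not need it). Separately, the `"skipped" in csyslog_enabled.stdout` clauses on the three enable tasks depend on the message text the command module emits when `removes` does not match, which is an implementation detail of that module; a single `stat: path=/var/ossec/bin/.process_list` registered before the checks and tested in each `when` would state the intent explicitly and survive module changes. The `set_fact: syslog_output=true` loop assumes `wazuh_manager_config.syslog_outputs` is always a list, which the new defaults do provide, so that is fine as long as the defaults are not overridden with a scalar.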
@@ -187,7 +211,7 @@
notify: restart wazuh-manager
when:
- wazuh_manager_config.authd.use_password is defined
- - wazuh_manager_config.authd.use_password == true
+ - wazuh_manager_config.authd.use_password == 'yes'
tags:
- config
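Review bot: The changed condition compares `use_password` to the string `'yes'`, so a boolean `true` supplied from inventory or extra-vars no longer enables the password step while `'yes'` in the defaults does; `- wazuh_manager_config.authd.use_password | bool` accepts both spellings and matches the `== true` used for `authd.enable` elsewhere in this file. The task this condition belongs to starts outside the hunk.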
@@ -201,6 +225,8 @@
no_log: true
notify: restart wazuh-api
when: wazuh_api_user is defined
+ tags:
+ - config
- name: Agentless Hosts & Passwd
template:
@@ -211,10 +237,31 @@
mode: 0644
no_log: true
when: agentless_creeds is defined
+ tags:
+ - config
- name: Encode the secret
shell: /usr/bin/base64 /var/ossec/agentless/.passlist_tmp > /var/ossec/agentless/.passlist && rm /var/ossec/agentless/.passlist_tmp
when: agentless_creeds is defined
+ tags:
+ - config
+
+- name: CDB Lists
+ template:
+ src: cdb_lists.j2
+ dest: "/var/ossec/etc/lists/{{ item.name }}"
+ owner: root
+ group: ossec
+ mode: 0640
+ no_log: true
+ notify:
+ - rebuild cdb_lists
+ - restart wazuh-manager
+ with_items:
+ - "{{ cdb_lists }}"
+ when: cdb_lists is defined
+ tags:
+ - config
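Review bot: `mode: 0640` on the new CDB Lists task is an unquoted leading-zero literal; YAML 1.1 loaders read it as decimal 416 and Ansible has to guess that a leading zero meant octal, so write `mode: '0640'`. `no_log: true` on the same task also hides the loop item, so a failing template run reports neither which list broke nor why; unless list contents are considered sensitive here, drop it or use `loop_control: label` to keep failures debuggable. `item.name` becomes a path component under /var/ossec/etc/lists/, so the vars file that defines it should make clear the name must be a bare filename.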
- name: Ensure Wazuh Manager, wazuh api service is started and enabled
service:
diff --git a/ansible-wazuh-manager/templates/cdb_lists.j2 b/ansible-wazuh-manager/templates/cdb_lists.j2
new file mode 100644
index 00000000..37774b9c
--- /dev/null
+++ b/ansible-wazuh-manager/templates/cdb_lists.j2
@@ -0,0 +1 @@
+{{ item.content }}
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
index 5040d338..98d13b2a 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-ossec-server.conf.j2
@@ -1,4 +1,4 @@
-#jinja2: trim_blocks:False
+#jinja2: trim_blocks: False
{{ wazuh_manager_config.syscheck.frequency }}
{{ wazuh_manager_config.syscheck.scan_on_start }}
@@ -231,7 +241,11 @@
ruleset/decoders
ruleset/rules
0215-policy_rules.xml
- etc/lists/audit-keys
+ {% if cdb_lists is defined %}
+ {% for list in cdb_lists %}
+ etc/lists/{{ list.name }}
+ {% endfor %}
+ {% endif %}
etc/decoders
@@ -241,10 +255,15 @@
{% for response in wazuh_manager_config.active_responses %}
+ no
{{ response.command }}
- {{ response.location }}
- {{ response.level }}
- {{ response.timeout }}
+ {%if response.location is defined %}{{ response.location }}{% endif %}
+ {%if response.agent_id is defined %}{{ response.agent_id }}{% endif %}
+ {%if response.level is defined %}{{ response.level }}{% endif %}
+ {%if response.rules_group is defined %}{{ response.rules_group }}{% endif %}
+ {%if response.rules_id is defined %}{{ response.rules_id }}{% endif %}
+ {%if response.timeout is defined %}{{ response.timeout }}{% endif %}
+ {%if response.repeated_offenders is defined %}{{ response.repeated_offenders }}{% endif %}
{% endfor %}
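Review bot: The new conditional lines use `{%if` where the rest of this template writes `{% if`; `{% if response.location is defined %}{{ response.location }}{% endif %}` keeps the spacing consistent and yamllint/Prettier-style tooling for Jinja usually expects it. The XML element names are stripped in this rendering, so whether the literal `no` added at the top of the loop lands in the intended element could not be checked from here.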
@@ -263,11 +282,13 @@
{% if wazuh_manager_config.syslog_outputs is defined %}
{% for syslog_output in wazuh_manager_config.syslog_outputs %}
+{% if syslog_output.server is not none %}
{{ syslog_output.server }}
{{ syslog_output.port }}
{{ syslog_output.format }}
+{% endif %}
{% endfor %}
{% endif %}
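Review bot: The new guard only tests `syslog_output.server`, while the defaults in this commit also set `port` and `format` to null; an entry that fills in only `server` therefore renders the literal string `None` for the port and format lines inside the guarded block. Guard those two lines the same way, `{% if syslog_output.port is not none %}…{% endif %}`, or give them an explicit fallback, so a partially filled entry cannot produce an invalid manager configuration.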
diff --git a/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2 b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
index 7f7e75d8..9d52c8e2 100644
--- a/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-etc-shared-agent.conf.j2
@@ -1,44 +1,79 @@
-{% for item in wazuh_agent_configs %}
-
+#jinja2: trim_blocks: False
+{% if wazuh_agent_configs is defined %}
+{% for agent_config in wazuh_agent_configs %}
+
-
-{% for directory in item.directories %}
- {{ directory.dirs }}
-{% endfor %}
-
- {{ item.frequency_check }}
- {% for ignore_file in item.ignore_files %}
- {{ ignore_file }}
+ {{ agent_config.syscheck.auto_ignore }}
+ {{ agent_config.syscheck.alert_new_files }}
+
+ {{ agent_config.syscheck.frequency }}
+ {{ agent_config.syscheck.scan_on_start }}
+
+
+ {% if agent_config.syscheck.directories is defined %}
+ {% for directory in agent_config.syscheck.directories %}
+ {{ directory.dirs }}
{% endfor %}
+ {% endif %}
+
+
+ {% if agent_config.syscheck.ignore is defined %}
+ {% for ignore in agent_config.syscheck.ignore %}
+ {{ ignore }}
+ {% endfor %}
+ {% endif %}
+
+
+ {% if agent_config.syscheck.no_diff is defined %}
+ {% for no_diff in agent_config.syscheck.no_diff %}
+ {{ no_diff }}
+ {% endfor %}
+ {% endif %}
+
+ {% if agent_config.syscheck.windows_registry is defined %}
+ {% for registry_key in agent_config.syscheck.windows_registry %}
+ {% if registry_key.arch is defined %}
+ {{ registry_key.key }}
+ {% else %}
+ {{ registry_key.key }}
+ {% endif %}
+ {% endfor %}
+ {% endif %}
-
-{% for localfile in item.localfiles %}
-
- {{ localfile.format }}
- {% if localfile.command is defined %}
- {{ localfile.command }}
- {% else %}
- {{ localfile.location }}
- {% endif %}
-
-{% endfor %}
+ {% for localfile in agent_config.localfiles %}
+
+ {{ localfile.format }}
+ {% if localfile.format == 'command' or localfile.format == 'full_command' %}
+ {{ localfile.command }}
+ {{ localfile.frequency }}
+ {% else %}
+ {{ localfile.location }}
+ {% endif %}
+
+ {% endfor %}
+ {% if agent_config.rootcheck is defined %}
- /var/ossec/etc/shared/rootkit_files.txt
- /var/ossec/etc/shared/rootkit_trojans.txt
- /var/ossec/etc/shared/system_audit_rcl.txt
- {% if item.cis_distribution_filename is defined %}
- /var/ossec/etc/shared/{{ item.cis_distribution_filename }}
- {% else %}
- {# none specified so install all #}
- /var/ossec/etc/shared/cis_debian_linux_rcl.txt
- /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
- /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
- /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
- /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
- {% endif %}
-
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+ {{ agent_config.rootcheck.frequency }}
+
+ {% if agent_config.rootcheck.cis_distribution_filename is not none %}
+ /var/ossec/etc/shared/{{ agent_config.rootcheck.cis_distribution_filename }}
+ {% endif %}
+ yes
+
+ {% endif %}
{% endfor %}
+{% endif %}
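Review bot: `{{ localfile.frequency }}` is rendered unconditionally for `command`/`full_command` localfiles, so a localfile entry that omits `frequency` fails templating with an undefined variable (the previous template never referenced it); wrap it as `{% if localfile.frequency is defined %}{{ localfile.frequency }}{% endif %}`, the pattern the other optional fields in this template already use. The same asymmetry applies to `agent_config.syscheck.*`, which is accessed without the `is defined` guard that `agent_config.rootcheck` gets further down. The XML element names are stripped in this rendering, so the surrounding markup could not be checked.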
diff --git a/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2 b/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
index 76001f2e..5cbe7670 100644
--- a/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
+++ b/ansible-wazuh-manager/templates/var-ossec-rules-local_rules.xml.j2
@@ -16,3 +16,20 @@
+
+
+
+
+ syscheck
+ /var/ossec/etc/shared/agent.conf
+ Linux | agent.conf was modified
+
+
+ syscheck
+ C:\wazuh-agent/shared/agent.conf
+ Windows | agent.conf was modified
+
+
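Review bot: The Windows path in the second new rule, `C:\wazuh-agent/shared/agent.conf`, mixes separators and names an install directory that is installation-specific; if this value is matched literally against the path syscheck reports, verify it against a real event from a Windows agent and use the same separator style, and add a comment naming the assumed install path so operators with a different one know to override it. The rule ids and element names are stripped in this rendering, so the rule structure itself could not be reviewed.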
diff --git a/ansible-wazuh-manager/vars/cdb_lists.yml b/ansible-wazuh-manager/vars/cdb_lists.yml
new file mode 100644
index 00000000..4dd651c5
--- /dev/null
+++ b/ansible-wazuh-manager/vars/cdb_lists.yml
@@ -0,0 +1,9 @@
+---
+cdb_lists:
+ - name: 'audit-keys'
+ content: |
+ audit-wazuh-w:write
+ audit-wazuh-r:read
+ audit-wazuh-a:attribute
+ audit-wazuh-x:execute
+ audit-wazuh-c:command
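Review bot: `name` in this file is consumed by the CDB Lists task as the file name under /var/ossec/etc/lists/ and by the ossec.conf template as the ruleset list entry, but nothing here says so; a header comment such as `# name: bare filename written to /var/ossec/etc/lists/<name> and referenced from ossec.conf; content: key:value lines, one per entry` would tell an operator adding a list what constraints apply. The `content: |` block scalar keeps its trailing newline, which is what the list file needs, so that part is fine as written.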