diff --git a/docker/helk-logstash/pipeline/1533-winevent-system-filter.conf b/docker/helk-logstash/pipeline/1533-winevent-system-filter.conf
index 99b6940..f89b427 100644
--- a/docker/helk-logstash/pipeline/1533-winevent-system-filter.conf
+++ b/docker/helk-logstash/pipeline/1533-winevent-system-filter.conf
@@ -17,11 +17,6 @@ filter {
 "StartType" => "service_start_type"
 }
 add_tag => [ "new_service" ]
- remove_field => [
- "message",
- "host",
- "process_id"
- ]
 }
 }
 if [event_id] == 16 {
@@ -36,10 +31,10 @@ filter {
 }
 mutate {
 rename => {
- "[user][domain]" => "user_domain"
- "[user][identifier]" => "user_sid"
- "[user][name]" => "user_name"
- "[user][type]" => "user_type"
+ "[user][domain]" => "user_reporter_domain"
+ "[user][identifier]" => "user_reporter_sid"
+ "[user][name]" => "user_reporter_name"
+ "[user][type]" => "user_reporter_type"
 "computer_name" => "host_name"
 }
 }
diff --git a/docker/helk-logstash/pipeline/2511-winevent-powershell-filter.conf b/docker/helk-logstash/pipeline/2511-winevent-powershell-filter.conf
index 577a7c2..d8e54dd 100644
--- a/docker/helk-logstash/pipeline/2511-winevent-powershell-filter.conf
+++ b/docker/helk-logstash/pipeline/2511-winevent-powershell-filter.conf
@@ -237,5 +237,10 @@ filter {
 ]
 }
 }
+ mutate {
+ rename => {
+ "computer_name" => "host_name"
+ }
+ }
 }
 }
\ No newline at end of file
diff --git a/docker/helk-logstash/pipeline/9959-winevent-codeintegrity-output.conf b/docker/helk-logstash/pipeline/9959-winevent-codeintegrity-output.conf
new file mode 100644
index 0000000..0056baa
--- /dev/null
+++ b/docker/helk-logstash/pipeline/9959-winevent-codeintegrity-output.conf
@@ -0,0 +1,11 @@
+output {
+ if [log_name] == "Microsoft-Windows-CodeIntegrity/Operational"{
+ elasticsearch {
+ hosts => ["helk-elasticsearch:9200"]
+ index => "logs-endpoint-winevent-codeintegrity-%{+YYYY.MM.dd}"
+ document_id => "%{[@metadata][log_hash]}"
+ user => 'elastic'
+ #password => 'elasticpassword'
+ }
+ }
+}
\ No newline at end of file
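Review bot: The rename to `user_reporter_domain`/`user_reporter_sid`/`user_reporter_name`/`user_reporter_type` is a change to indexed field names for this event branch, yet nothing in the diff updates an index template, saved search or dashboard that may still reference `user_name`/`user_sid`; a stale reference fails silently as an empty search rather than an error, so confirm those consumers are adjusted. The intent behind the prefix is also not recorded; a short comment above the `rename => {` line, such as `# user.* on this event is the account that reported it, not the account acted on - keep it distinct from user_*`, would stop the next maintainer from reverting it to the plain `user_*` names that the removed lines show were used before. The enclosing `if [event_id]` branch and the `filter` block both start outside the hunk.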
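Review bot: The added `mutate { rename => { "computer_name" => "host_name" } }` sits one brace level below `filter`, at the end of an enclosing block whose opening is outside the hunk, so it runs after every per-event branch in that block; Logstash `rename` overwrites an existing destination field, so if an earlier branch in this file already sets `host_name` its value would be replaced by `computer_name` here — worth confirming none does. The file also still ends without a trailing newline (`\ No newline at end of file`); add one so later diffs stay clean. A one-line comment such as `# normalise Winlogbeat computer_name into host_name, matching the other winevent filters` would record why this rename is deliberately placed outside the event_id conditionals.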
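Review bot: `document_id => "%{[@metadata][log_hash]}"` assumes a filter elsewhere in the pipeline computes `[@metadata][log_hash]` for `Microsoft-Windows-CodeIntegrity/Operational`; if none does, Logstash leaves the sprintf reference unexpanded, so every event from this channel is indexed under the literal id `%{[@metadata][log_hash]}` and silently overwrites the previous one. The same dependency applies to the new 9960 (Bits-Client), 9961 (DNS-Client) and 9962 (Firewall) outputs. Confirm the fingerprint filter that populates `[@metadata][log_hash]` is applied to these four log names, since once `document_id` is set the output cannot fall back to an auto-generated id. Separately, `user => 'elastic'` with `#password` commented out presumably mirrors the existing output files, but the built-in `elastic` superuser is far more privilege than an indexer needs; a dedicated writer role scoped to `logs-endpoint-winevent-*` is the least-privilege option once authentication is enabled. Minor: a space is missing before `{` after the string in the `if [log_name]` line.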
diff --git a/docker/helk-logstash/pipeline/9960-winevent-bits-output.conf b/docker/helk-logstash/pipeline/9960-winevent-bits-output.conf
new file mode 100644
index 0000000..8160497
--- /dev/null
+++ b/docker/helk-logstash/pipeline/9960-winevent-bits-output.conf
@@ -0,0 +1,11 @@
+output {
+ if [log_name] == "Microsoft-Windows-Bits-Client/Operational"{
+ elasticsearch {
+ hosts => ["helk-elasticsearch:9200"]
+ index => "logs-endpoint-winevent-bits-%{+YYYY.MM.dd}"
+ document_id => "%{[@metadata][log_hash]}"
+ user => 'elastic'
+ #password => 'elasticpassword'
+ }
+ }
+}
\ No newline at end of file
diff --git a/docker/helk-logstash/pipeline/9961-winevent-dns-client-output.conf b/docker/helk-logstash/pipeline/9961-winevent-dns-client-output.conf
new file mode 100644
index 0000000..0df7e63
--- /dev/null
+++ b/docker/helk-logstash/pipeline/9961-winevent-dns-client-output.conf
@@ -0,0 +1,11 @@
+output {
+ if [log_name] == "Microsoft-Windows-DNS-Client/Operational"{
+ elasticsearch {
+ hosts => ["helk-elasticsearch:9200"]
+ index => "logs-endpoint-winevent-dns-client-%{+YYYY.MM.dd}"
+ document_id => "%{[@metadata][log_hash]}"
+ user => 'elastic'
+ #password => 'elasticpassword'
+ }
+ }
+}
\ No newline at end of file
diff --git a/docker/helk-logstash/pipeline/9962-winevent-firewall-advanced-output.conf b/docker/helk-logstash/pipeline/9962-winevent-firewall-advanced-output.conf
new file mode 100644
index 0000000..6693821
--- /dev/null
+++ b/docker/helk-logstash/pipeline/9962-winevent-firewall-advanced-output.conf
@@ -0,0 +1,11 @@
+output {
+ if [log_name] == "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"{
+ elasticsearch {
+ hosts => ["helk-elasticsearch:9200"]
+ index => "logs-endpoint-winevent-firewall-advanced-%{+YYYY.MM.dd}"
+ document_id => "%{[@metadata][log_hash]}"
+ user => 'elastic'
+ #password => 'elasticpassword'
+ }
+ }
+}
\ No newline at end of file
diff --git a/docker/helk_install.sh b/docker/helk_install.sh
index 2c8dd56..5b1e0b9 100755
--- a/docker/helk_install.sh
+++ b/docker/helk_install.sh
@@ -134,7 +134,7 @@ install_curl(){
 apt install -y curl >> $LOGFILE 2>&1
 ;;
 centos|rhel)
- yum install curl >> $LOGFILE 2>&1
+ yum install -y curl >> $LOGFILE 2>&1
 ;;
 *)
 echo "$HELK_INFO_TAG Please install curl for $LSB_DIST $DIST_VERSION.."
@@ -157,7 +157,7 @@ install_htpasswd(){
 apt install -y apache2-utils>> $LOGFILE 2>&1
 ;;
 centos|rhel)
- yum install httpd-tools >> $LOGFILE 2>&1
+ yum install -y httpd-tools >> $LOGFILE 2>&1
 ;;
 *)
 echo "$HELK_INFO_TAG Please install htpasswd for $LSB_DIST $DIST_VERSION.."
@@ -461,7 +461,7 @@ show_banner(){
 echo "** HELK - THE HUNTING ELK **"
 echo "** **"
 echo "** Author: Roberto Rodriguez (@Cyb3rWard0g) **"
- echo "** HELK build version: v0.1.7-alpha02262019 **"
+ echo "** HELK build version: v0.1.7-alpha04062019 **"
 echo "** HELK ELK version: 6.6.1 **"
 echo "** License: GPL-3.0 **"
 echo "**********************************************"
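Review bot: The `-y` makes `yum install -y curl >> $LOGFILE 2>&1` non-interactive, but its exit status is still discarded: output goes to the log and the `centos|rhel)` branch reaches `;;` whether or not curl was installed, so a failed install (no network, missing repo) only surfaces later when curl is first used. Unless a check follows outside the hunk, propagate it, e.g. `yum install -y curl >> "$LOGFILE" 2>&1 || { echo "$HELK_INFO_TAG curl install failed, see $LOGFILE"; exit 1; }`, and quote `$LOGFILE` so a path containing spaces does not split the redirection. The `install_htpasswd` hunk has the same shape for `httpd-tools`. Both function bodies begin and end outside their hunks.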