diff --git a/docker/helk-kibana/scripts/kibana-entrypoint.sh b/docker/helk-kibana/scripts/kibana-entrypoint.sh
index c33a982..93c0ddc 100755
--- a/docker/helk-kibana/scripts/kibana-entrypoint.sh
+++ b/docker/helk-kibana/scripts/kibana-entrypoint.sh
@@ -63,12 +63,12 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]]; then
 # *********** Change Kibana and Logstash password ***************
 echo "[HELK-KIBANA-DOCKER-INSTALLATION-INFO] Submitting a request to change the password of a Kibana and Logstash users .."
- until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -H 'Content-Type:application/json' -XPUT $ELASTICSEARCH_HOSTS/_xpack/security/user/kibana/_password -d "{\"password\": \"$KIBANA_PASSWORD\"}"
+ until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -H 'Content-Type:application/json' -XPUT $ELASTICSEARCH_HOSTS/_security/user/kibana/_password -d "{\"password\": \"$KIBANA_PASSWORD\"}"
 do
 sleep 1
 done
- until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -H 'Content-Type:application/json' -XPUT $ELASTICSEARCH_HOSTS/_xpack/security/user/logstash_system/_password -d "{\"password\": \"logstashpassword\"}"
+ until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -H 'Content-Type:application/json' -XPUT $ELASTICSEARCH_HOSTS/_security/user/logstash_system/_password -d "{\"password\": \"logstashpassword\"}"
 do
 sleep 1
 done
diff --git a/docker/helk-kibana/scripts/kibana-setup.sh b/docker/helk-kibana/scripts/kibana-setup.sh
index 09cf22b..031e776 100755
--- a/docker/helk-kibana/scripts/kibana-setup.sh
+++ b/docker/helk-kibana/scripts/kibana-setup.sh
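Review bot: The rewritten `until curl … -XPUT $ELASTICSEARCH_HOSTS/_security/user/kibana/_password …` line (and the logstash_system one below it) still treats any HTTP reply as success, because curl exits 0 on a 400/401/403 response unless `--fail` is given, so the loop only waits for the port to open and a rejected password change is never noticed; `until curl -sSf -u "$ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD" -H 'Content-Type:application/json' -XPUT "$ELASTICSEARCH_HOSTS/_security/user/kibana/_password" -d "{\"password\": \"$KIBANA_PASSWORD\"}"`, paired with a retry cap so bad credentials do not spin forever, retries until the endpoint actually accepts the request. The `-u` and URL expansions on both new lines are unquoted, so a password containing whitespace or `*`/`?` is word-split or glob-expanded before curl sees it, and `$KIBANA_PASSWORD` is spliced into the JSON body verbatim, so a value containing `"` or `\` yields an invalid document. The logstash_system line carries the literal `logstashpassword` in the new code; sourcing it from an environment variable supplied the same way as `KIBANA_PASSWORD` keeps a fixed credential out of the image. The enclosing `if [[ -n "$ELASTICSEARCH_PASSWORD" ]]` block starts before this hunk.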
@@ -39,7 +39,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 echo "[HELK-KIBANA-DOCKER-INSTALLATION-INFO] Creating Kibana Index Patterns..."
 for index in ${!index_patterns[@]}; do
 echo "[++++++] creating kibana index ${index_patterns[${index}]}"
- until curl -u $KIBANA_USER:$KIBANA_PASSWORD -X POST "$KIBANA_URL/api/saved_objects/index-pattern/${index_patterns[${index}]}" \
+ until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$KIBANA_URL/api/saved_objects/index-pattern/${index_patterns[${index}]}" \
 -H "Content-Type: application/json" -H "kbn-xsrf: true" \
 -d"{\"attributes\":{\"title\":\"${index_patterns[${index}]}\",\"timeFieldName\":\"$TIME_FIELD\"}}"
 do
@@ -49,7 +49,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 # *********** Making Sysmon the default index ***************
 echo "[HELK-KIBANA-DOCKER-INSTALLATION-INFO] Making Sysmon the default index..."
- until curl -u $KIBANA_USER:$KIBANA_PASSWORD -X POST -H "Content-Type: application/json" -H "kbn-xsrf: true" \
+ until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST -H "Content-Type: application/json" -H "kbn-xsrf: true" \
 "$KIBANA_URL/api/kibana/settings/defaultIndex" \
 -d"{\"value\":\"$DEFAULT_INDEX\"}"
 do
@@ -58,7 +58,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 # *********** Set URL session store *********************
 echo "[HELK-KIBANA-DOCKER-INSTALLATION-INFO] Setting URL session store"
- curl -u $KIBANA_USER:$KIBANA_PASSWORD -X POST "$KIBANA_URL/api/kibana/settings" -H 'Content-Type: application/json' -H 'kbn-xsrf: true' -d"
+ curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$KIBANA_URL/api/kibana/settings" -H 'Content-Type: application/json' -H 'kbn-xsrf: true' -d"
 {
 \"changes\":{
 \"state:storeInSessionStorage\": true
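Review bot: The new `-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD` in this hunk, and in the -49, -58 and -71 hunks, is unquoted, so a password containing whitespace or `*`/`?` is word-split or glob-expanded before curl runs; `-u "$ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"` is the one-token fix on each line. Because curl exits 0 on any HTTP response, the `until` loops in -39, -49 and -71 stop after the first reply even when Kibana answers 401 or 403, so a rejected login is reported as if the index pattern had been created; reading `-w '%{http_code}'` and leaving the loop only on 200 or 409 (already exists) would tell a rejection apart from a harmless re-run. The swap also means every Kibana saved-object call now runs as the account that creates users and roles in the later hunks; if a lesser-privileged account that can write saved objects exists in this deployment, it is the better fit for these calls. The enclosing `if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && …` block begins before the hunk and each loop ends after it.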
@@ -71,7 +71,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 for file in ${DIR}/*.json
 do
 echo "[++++++] Loading dashboard file ${file}"
- until curl -u $KIBANA_USER:$KIBANA_PASSWORD -X POST "$KIBANA_URL/api/kibana/dashboards/import" -H 'kbn-xsrf: true' \
+ until curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$KIBANA_URL/api/kibana/dashboards/import" -H 'kbn-xsrf: true' \
 -H 'Content-type:application/json' -d @${file}
 do
 sleep 1
@@ -80,7 +80,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 # *********** Creating HELK User *********************
 echo "[HELK-KIBANA-DOCKER-INSTALLATION-INFO] Setting HELK's user password to $KIBANA_UI_PASSWORD"
- curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_URL/_xpack/security/user/helk" -H 'Content-Type: application/json' -d"
+ curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_HOSTS/_security/user/helk" -H 'Content-Type: application/json' -d"
 {
 \"password\" : \"$KIBANA_UI_PASSWORD\",
 \"roles\" : [ \"superuser\" ],
@@ -90,7 +90,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 "
 # *********** Create Roles *******************
- curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_URL/_xpack/security/role/hunters" -H 'Content-Type: application/json' -d'
+ curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_HOSTS/_security/role/hunters" -H 'Content-Type: application/json' -d'
 {
 "run_as": [],
 "cluster": [],
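Review bot: The new `"$ELASTICSEARCH_HOSTS/_security/user/helk"` call in the -80 hunk (and the `_security/role/hunters` call in -90) is a bare `curl` with no `--fail` and no status check, so if Elasticsearch rejects the request the script carries on as though the `helk` account — given `superuser` in the context lines just below — had been created; `curl -sSf …` with `|| exit 1`, or at least a logged warning on failure, would surface that. Whether `ELASTICSEARCH_HOSTS` always holds exactly one URL is not visible here; the Kibana setting of that name accepts a list, and a multi-value string would turn into a malformed URL, so asserting the single-host form before these calls is worth adding. The unquoted `-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD` should be quoted as elsewhere. The context `echo` above the -80 call prints `$KIBANA_UI_PASSWORD` into the install log; leaving the value out of the message is a cheap separate improvement. The enclosing `if` block and both quoted JSON bodies extend outside these hunks.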
@@ -102,7 +102,7 @@ if [[ -n "$ELASTICSEARCH_PASSWORD" ]] && [[ -n "$ELASTICSEARCH_USERNAME" ]]; the
 ]
 }
 '
- curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_URL/_xpack/security/role/sysmon_hunters" -H 'Content-Type: application/json' -d'
+ curl -u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD -X POST "$ELASTICSEARCH_HOSTS/_xpack/security/role/sysmon_hunters" -H 'Content-Type: application/json' -d'
 {
 "run_as": [],
 "cluster": [],
diff --git a/docker/helk-logstash/output_templates/88-logs-meta-enrichment-for-endpoints.json b/docker/helk-logstash/output_templates/88-logs-meta-enrichment-for-endpoints.json
index 3de7001..aceafd4 100644
--- a/docker/helk-logstash/output_templates/88-logs-meta-enrichment-for-endpoints.json
+++ b/docker/helk-logstash/output_templates/88-logs-meta-enrichment-for-endpoints.json
@@ -1,7 +1,7 @@
 {
 "order": 88,
 "index_patterns": [ "logs-endpoint-*" ],
- "version": 2019021801,
+ "version": 2019052901,
 "mappings": {
 "properties": {
 "meta_process_command_line_has_non_ascii": {
@@ -12,6 +12,15 @@
 },
 "meta_process_command_line_length": {
 "type": "integer"
+ },
+ "meta_user_name_is_machine": {
+ "type": "boolean"
+ },
+ "meta_user_reporter_name_is_machine": {
+ "type": "boolean"
+ },
+ "meta_user_target_name_is_machine": {
+ "type": "boolean"
 }
 }
 }
diff --git a/docker/helk-logstash/pipeline/8211-winevent-hostname-cleanups.conf b/docker/helk-logstash/pipeline/8211-winevent-hostname-cleanups.conf
new file mode 100644
index 0000000..f9fe680
--- /dev/null
+++ b/docker/helk-logstash/pipeline/8211-winevent-hostname-cleanups.conf
@@ -0,0 +1,19 @@
+# HELK hostname cleanup conf
+# HELK build Stage: Alpha
+# Author: Nate Guagenti (@neu5ron)
+# License: GPL-3.0
+
+filter {
+ if [event_id] {
+ mutate {
+ lowercase => [
+ "computer_name",
+ "dst_host_name",
+ "src_host_name",
+ "host_name",
+ "[winlog][computer_name]"
+ ]
+ add_field => { "z_logstash_pipeline" => "winevent-hostname-cleanup" }
+ }
+ }
+}
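Review bot: The new line still posts to `$ELASTICSEARCH_HOSTS/_xpack/security/role/sysmon_hunters` while every other user and role call in this commit was moved to the `/_security/…` prefix, so the `sysmon_hunters` role is the one request left on the older path this commit is otherwise retiring and will be the first to break when that path stops being served; `curl -u "$ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD" -X POST "$ELASTICSEARCH_HOSTS/_security/role/sysmon_hunters" -H 'Content-Type: application/json' -d'` matches the `hunters` call in the previous hunk. As with the other role calls there is no `--fail` or status check, so a rejected role definition goes unnoticed. The role body and the enclosing `if` block continue outside the hunk.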
diff --git a/docker/helk-logstash/pipeline/8291-winevent-username-final-modifcations.conf b/docker/helk-logstash/pipeline/8291-winevent-username-final-modifcations.conf
new file mode 100644
index 0000000..f0af75b
--- /dev/null
+++ b/docker/helk-logstash/pipeline/8291-winevent-username-final-modifcations.conf
@@ -0,0 +1,66 @@
+# HELK hostname cleanup conf
+# HELK build Stage: Alpha
+# Author: Nate Guagenti (@neu5ron)
+# License: GPL-3.0
+
+filter {
+ if [event_id] {
+
+ if [user_name] {
+ if [user_name] =~ "\$$" {
+ mutate {
+ add_field => {
+ "meta_user_name_is_machine" => true
+ "z_logstash_pipeline" => "winevent-user_name-is-machine-account"
+ }
+ }
+ }
+ else {
+ mutate {
+ add_field => {
+ "meta_user_name_is_machine" => false
+ "z_logstash_pipeline" => "winevent-user_name-is-machine-account"
+ }
+ }
+ }
+ }
+
+ if [user_reporter_name] {
+ if [user_reporter_name] =~ "\$$" {
+ mutate {
+ add_field => {
+ "meta_user_reporter_name_is_machine" => true
+ "z_logstash_pipeline" => "winevent-user_reporter_name-is-machine-account"
+ }
+ }
+ }
+ else {
+ mutate {
+ add_field => {
+ "meta_user_reporter_name_is_machine" => false
+ "z_logstash_pipeline" => "winevent-user_reporter_name-is-machine-account"
+ }
+ }
+ }
+ }
+
+ if [user_target_name] {
+ if [user_target_name] =~ "\$$" {
+ mutate {
+ add_field => {
+ "meta_user_target_name_is_machine" => true
+ "z_logstash_pipeline" => "winevent-user_target_name-is-machine-account"
+ }
+ }
+ }
+ else {
+ mutate {
+ add_field => {
+ "meta_user_target_name_is_machine" => false
+ "z_logstash_pipeline" => "winevent-user_target_name-is-machine-account"
+ }
+ }
+ }
+ }
+ }
+}
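Review bot: The header comment `# HELK hostname cleanup conf` is copied from the 8211 file and describes the wrong pipeline; this file tags user fields, so `# HELK username machine-account tagging conf` (or similar) on the first line would keep the two from being confused, and `modifcations` in the file name reads as a typo for `modifications`. The three `=~ "\$$"` tests carry no explanation of why a trailing `$` matters; a one-line comment above the first, such as `# Windows machine/computer accounts end in "$" (e.g. HOST$); flag them so analytics can separate machine from human activity`, documents the intent once. Whether `=~` behaves as intended when `user_name` arrives as an array rather than a single string is not visible here and is worth confirming, since the `else` branch would otherwise label a machine account `false`.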