diff --git a/access.ips b/access.ips
index a8cf1ea0ee61974d0893aed839777135ad8404bf..9800b686b19f5efe4dd311e387a504754bfcf7b8 100644
--- a/access.ips
+++ b/access.ips
@@ -19,9 +19,9 @@
 ### Nifi ports - End   ###
 
 
-### ODFE - Start ###
+### OPENSEARCH - Start ###
 #172.22.0.0/16
-### ODFE - End   ###
+### OPENSEARCH - End   ###
 
 
 ### KeyCloak - Start ###
diff --git a/configure.sh b/configure.sh
index f7e239be7fcea3a7cfe426e8da2e9d909514cee7..72040949da31820948ea12eb0f61b0e0136860ea 100755
--- a/configure.sh
+++ b/configure.sh
@@ -11,7 +11,7 @@ wait () {
 	done
 }
 
-echo "By default, all services except HAProxy stats and ODFE are public!"
+echo "By default, all services except HAProxy stats and OPENSEARCH are public!"
 echo "The configuration file: access.ips is used to configure external access to the services"
 echo "Do you want to modify/edit this file now?"
 read -p "(yes|no) [no] : " MODIFY
diff --git a/generate_haproxy_whitelist_files.sh b/generate_haproxy_whitelist_files.sh
index 1ddb6dacedf20cd3da673bb1b36b04a2a6fec4f6..a60a2451c43478cdfff7755ad23e8a1c7c100a06 100755
--- a/generate_haproxy_whitelist_files.sh
+++ b/generate_haproxy_whitelist_files.sh
@@ -2,7 +2,7 @@
 awk '/HAProxy Stats - Start/{flag=1; next} /HAProxy Stats - End/{flag=0} flag' access.ips > roles/haproxy/files/stats_whitelist.lst
 awk '/Nifi Management - Start/{flag=1; next} /Nifi Management - End/{flag=0} flag' access.ips > roles/haproxy/files/nifi_whitelist.lst
 awk '/Nifi ports - Start/{flag=1; next} /Nifi ports - End/{flag=0} flag' access.ips > roles/haproxy/files/nifiports_whitelist.lst
-awk '/ODFE  - Start/{flag=1; next} /ODFE - End/{flag=0} flag' access.ips > roles/haproxy/files/odfe_whitelist.lst
+awk '/OPENSEARCH  - Start/{flag=1; next} /OPENSEARCH - End/{flag=0} flag' access.ips > roles/haproxy/files/opensearch-dashboards_whitelist.lst
 awk '/KeyCloak - Start/{flag=1; next} /KeyCloak - End/{flag=0} flag' access.ips > roles/haproxy/files/keycloak_whitelist.lst
 awk '/TheHive - Start/{flag=1; next} /TheHive - End/{flag=0} flag' access.ips > roles/haproxy/files/thehive_whitelist.lst
 awk '/Cortex - Start/{flag=1; next} /Cortex - End/{flag=0} flag' access.ips > roles/haproxy/files/cortex_whitelist.lst
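Review bot: The new start pattern `/OPENSEARCH  - Start/` has two spaces before the dash, while the marker this commit writes to access.ips is `### OPENSEARCH - Start ###` with one, so the flag is never set and the generated list comes out empty (the removed ODFE line had the same double space). The output was also renamed to `opensearch-dashboards_whitelist.lst`, but the `opensearchserv` listener in haproxy.cfg.j2 reads `opensearch_whitelist.lst`, which nothing in this hunk produces. Depending on how the haproxy role handles a missing or empty list, port 9200 either rejects every source or the proxy fails to load its configuration, and the addresses an operator puts in the OPENSEARCH section end up governing port 5601 instead. I would write `awk '/OPENSEARCH - Start/{flag=1; next} /OPENSEARCH - End/{flag=0} flag' access.ips > roles/haproxy/files/opensearch_whitelist.lst` and confirm that a line outside this hunk generates the dashboards list from its own section.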
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index aaadfaa22cf1df8bc9bb11a10e7933422ebe2c31..18fa2b79c79029fb1dd2bc8d37a491fe7fb411a3 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -12,8 +12,6 @@ repo: soctools
 version: 7
 suffix: a20201004
 
-kibana_plugins_version: "v0.7"
-
 THEHIVE_KIBANA_USER:
   username: "kibana"
   name: "Kibana"
@@ -69,15 +67,15 @@ sysctlconfig:
   - { key: "vm.max_map_count" , val:  "524288" }
 
 nifi_javamem: "1500m"
-odfe_javamem: "512m"
+opensearch_javamem: "512m"
 
 nifi_version: 1.12.1
 nifi_repo: "https://archive.apache.org/dist"
 
 ca_cn: "SOCTOOLS-CA"
 
-odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
-odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
+opensearches_img: "{{repo}}/opensearches:{{version}}{{suffix}}"
+opensearchdashboards_img: "{{repo}}/opensearch-dashboards:{{version}}{{suffix}}"
 #elk_version: "oss-7.6.1"
 elk_version: "oss-7.4.2"
 #odfeplugin_version: "1.7.0.0"
@@ -89,6 +87,7 @@ openid_subjkey: preferred_username
 
 keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}"
 
+opensearch_version: "2.3.0"
 elastic_username: "admin"
 
 misp_dbname: "mispdb"
@@ -100,10 +99,9 @@ services:
   - openjdk
   - zookeeper
   - nifi
-  - elasticsearch
-  - kibana
-  - odfees
-  - odfekibana
+  - opensearch
+  - opensearches
+  - opensearch-dashboards
   - keycloak
   - misp
   - cassandra
diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template
index 04576f39a7e109c393776ab21dbd7a25330655b1..286875f7d467c3474ff7630a5d0b610d4d989c95 100644
--- a/group_vars/all/variables.template
+++ b/group_vars/all/variables.template
@@ -21,7 +21,7 @@ soctools_users:
 #    DN: "CN=soc_admin_2"
 #    CN: "soc_admin_2"
     
-# list of users(username) from previous step which will recive admin roles in ODFE. (Minimum one user is required)
+# list of users(username) from previous step which will recive admin roles in OPENSEARCH. (Minimum one user is required)
 ODFE_ADMIN_USERS:
   - soc_admin
 #  -   soc_admin_2
diff --git a/initsoctools.yml b/initsoctools.yml
index b4371504f088735a35d38c7fd317456a65c51c51..d0dd9cf97f45dfb418c4c404f3eda09514ba2b26 100644
--- a/initsoctools.yml
+++ b/initsoctools.yml
@@ -40,15 +40,15 @@
   roles:
     - cortex
 
-- name: Reconfigure and start OpenDistro for Elasticsearch
-  hosts: odfeescontainers
+- name: Reconfigure and start opensearch
+  hosts: opensearchescontainers
   roles:
-    - odfees
+    - opensearches
 
-- name: Reconfigure and start OpenDistro Kibana for Elasticsearch
-  hosts: odfekibanacontainers
+- name: Reconfigure and start opensearch Kibana
+  hosts: opensearchkibanacontainers
   roles:
-    - odfekibana
+    - opensearch-dashboards
 
 - name: Install and run filebeat
   hosts: filebeat
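Review bot: The dashboards play targets `hosts: opensearchkibanacontainers`, but the inventory added in this commit defines `[opensearchdashboardscontainers]` and restart-soctools.yml uses that name too, so this play matches no hosts and the opensearch-dashboards role is never applied at init. Change the line to `hosts: opensearchdashboardscontainers`. The play name still says "opensearch Kibana"; `Reconfigure and start OpenSearch Dashboards` would match the role it runs. The filebeat play continues outside the hunk.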
diff --git a/inventories/elasticsearch b/inventories/elasticsearch
deleted file mode 100644
index 73901fb0cd71e4434bd33159a45fc97c34ee98bb..0000000000000000000000000000000000000000
--- a/inventories/elasticsearch
+++ /dev/null
@@ -1,3 +0,0 @@
-[odfeescontainers]
-soctools-odfe-1 ansible_connection=docker
-soctools-odfe-2 ansible_connection=docker
diff --git a/inventories/kibana b/inventories/kibana
deleted file mode 100644
index 1f00ac6c362b94aaf698cb74343d1fbf2a402ab1..0000000000000000000000000000000000000000
--- a/inventories/kibana
+++ /dev/null
@@ -1,2 +0,0 @@
-[odfekibanacontainers]
-soctools-kibana ansible_connection=docker
diff --git a/inventories/opensearch b/inventories/opensearch
new file mode 100644
index 0000000000000000000000000000000000000000..ecdf1be4d3928eb611bb2b3255d8346f732b31bb
--- /dev/null
+++ b/inventories/opensearch
@@ -0,0 +1,3 @@
+[opensearchescontainers]
+soctools-opensearch-1 ansible_connection=docker
+soctools-opensearch-2 ansible_connection=docker
diff --git a/inventories/opensearch-dashboards b/inventories/opensearch-dashboards
new file mode 100644
index 0000000000000000000000000000000000000000..22b6a754228278d7ef7f6dc2393e1650c5fbc8cc
--- /dev/null
+++ b/inventories/opensearch-dashboards
@@ -0,0 +1,2 @@
+[opensearchdashboardscontainers]
+soctools-opensearch-dashboards ansible_connection=docker
diff --git a/restart-soctools.yml b/restart-soctools.yml
index 5aa1c94116243ecdf120c17813677b9c59643630..060161f87d77f4984d579ea35ceb5d04189dbc9b 100644
--- a/restart-soctools.yml
+++ b/restart-soctools.yml
@@ -25,15 +25,15 @@
   roles:
     - nifi
 
-- name: Restart services for OpenDistro for Elasticsearch
-  hosts: odfeescontainers
+- name: Restart services for opensearch
+  hosts: opensearchescontainers
   roles:
-    - odfees
+    - opensearches
 
-- name: Restart services for OpenDistro Kibana for Elasticsearch
-  hosts: odfekibanacontainers
+- name: Restart services for opensearch Kibana
+  hosts: opensearchdashboardscontainers
   roles:
-    - odfekibana
+    - opensearch-dashboards
 
 - name: Restart services for MISP
   hosts: mispcontainers
diff --git a/roles/build/files/odfees/odfesupervisord.conf b/roles/build/files/opensearch-dashboards/dashboardssupervisord.conf
similarity index 69%
rename from roles/build/files/odfees/odfesupervisord.conf
rename to roles/build/files/opensearch-dashboards/dashboardssupervisord.conf
index 975b7cdcb388e0292b82abde53f0a593505bda3c..775390b75db5c8926861dd27ea0624b82f27790e 100644
--- a/roles/build/files/odfees/odfesupervisord.conf
+++ b/roles/build/files/opensearch-dashboards/dashboardssupervisord.conf
@@ -16,18 +16,18 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///tmp/supervisor.sock
 
-[program:odfe]
-user=elasticsearch
-group=elasticsearch
-directory=/usr/share/elasticsearch
-command=sh -c "/usr/share/elasticsearch/bin/elasticsearch"
+[program:opensearch-dashboards]
+user=dashboards
+group=dashboards
+directory=/opt/opensearch-dashboards
+command=sh -c "/opt/opensearch-dashboards/bin/opensearch-dashboards -c /opt/opensearch-dashboards/config/opensearch_dashboards.yml"
 autostart=false
 autorestart=true
 logfile_maxbytes=10MB
 stdout_logfile_backups = 0
 stderr_logfile_backups = 0
-stderr_logfile = /var/log/supervisor/elasticsearch_stderr.log
-stdout_logfile = /var/log/supervisor/elasticsearch_stdout.log
+stderr_logfile = /var/log/supervisor/opensearch-dashboards_stderr.log
+stdout_logfile = /var/log/supervisor/opensearch-dashboards_stdout.log
 
 [program:filebeat]
 directory=/opt/filebeat
diff --git a/roles/build/files/elasticsearch/.empty b/roles/build/files/opensearch/.empty
similarity index 100%
rename from roles/build/files/elasticsearch/.empty
rename to roles/build/files/opensearch/.empty
diff --git a/roles/build/files/kibana/kibanasupervisord.conf b/roles/build/files/opensearches/opensearchsupervisord.conf
similarity index 76%
rename from roles/build/files/kibana/kibanasupervisord.conf
rename to roles/build/files/opensearches/opensearchsupervisord.conf
index 2cceed0bc2c3da97bb7b6012a381430808a6f5ae..d6ed091da03956dd49fc31c063f9866ec9c9e6cc 100644
--- a/roles/build/files/kibana/kibanasupervisord.conf
+++ b/roles/build/files/opensearches/opensearchsupervisord.conf
@@ -16,18 +16,18 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///tmp/supervisor.sock
 
-[program:kibana]
-user=kibana
-group=kibana
-directory=/usr/share/kibana
-command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml"
+[program:opensearch]
+user=opensearch
+group=opensearch
+directory=/opt/opensearch
+command=sh -c "/opt/opensearch/bin/opensearch"
 autostart=false
 autorestart=true
 logfile_maxbytes=10MB
 stdout_logfile_backups = 0
 stderr_logfile_backups = 0
-stderr_logfile = /var/log/supervisor/kibana_stderr.log
-stdout_logfile = /var/log/supervisor/kibana_stdout.log
+stderr_logfile = /var/log/supervisor/opensearch_stderr.log
+stdout_logfile = /var/log/supervisor/opensearch_stdout.log
 
 [program:filebeat]
 directory=/opt/filebeat
diff --git a/roles/build/tasks/centos.yml b/roles/build/tasks/centos.yml
index 62a8fb1fbd84dce5a27660a24f9eab54b59d9b97..2bbb7635c6b9f946196af54195ff558329a01475 100644
--- a/roles/build/tasks/centos.yml
+++ b/roles/build/tasks/centos.yml
@@ -1,15 +1,5 @@
 ---
 
-- name: Check for CentOS image
-  docker_image_info:
-    name: "{{repo}}/centos:{{version}}{{suffix}}"
-  register: centosimg
-
-- name: Assert CentOS image
-  assert:
-    that: centosimg.images | length == 0
-    fail_msg: "CentOS image already exists"
-
 - name: Create etc tree in build directory
   file:
     path: '{{ temp_root}}/{{ item.path }}'
diff --git a/roles/build/tasks/main.yml b/roles/build/tasks/main.yml
index 6dd4e6c892787e04bac92c62284a48b2294df9cf..2dbc112f63015bddeddb4b2db373ef998d8c3365 100644
--- a/roles/build/tasks/main.yml
+++ b/roles/build/tasks/main.yml
@@ -5,7 +5,15 @@
       - "'CHANGE_ME' not in soctoolsproxy"
     fail_msg: "Review *all* settings in group_vars/all/main.yml"
 
-- include: centos.yml
+# Create CentOS image if not created yet 
+- name: Check for CentOS image
+  docker_image_info: 
+    name: "{{repo}}/centos:{{version}}{{suffix}}" 
+  register: centosimg
+
+- name: Include tasks to create CentOS image
+  include_tasks: centos.yml
+  when: centosimg.images | length == 0
 
 - name: Create main build dir
   file:
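Review bot: With `when: centosimg.images | length == 0` an existing `{{repo}}/centos:{{version}}{{suffix}}` image is now reused silently, where the removed assert in centos.yml stopped the run, so every service image built on top inherits whatever package level that older base has. Because the tag only changes when `version` or `suffix` is edited, I would document this above the check, for example `# An existing base image is reused as-is; bump suffix or remove the image to pick up OS updates`, or gate the skip on an explicit variable. The added `docker_image_info:` and `name:` lines also carry trailing whitespace. The "Create main build dir" task continues outside the hunk.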
diff --git a/roles/build/templates/elasticsearch/Dockerfile.j2 b/roles/build/templates/elasticsearch/Dockerfile.j2
deleted file mode 100644
index 7947f249dfbcd76cd796e5599269bdf25d436b29..0000000000000000000000000000000000000000
--- a/roles/build/templates/elasticsearch/Dockerfile.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-FROM {{repo}}/openjdk:{{version}}{{suffix}}
-
-ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
-
-RUN groupadd -g 1000 elasticsearch && \
-    adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
-
-WORKDIR /usr/share/elasticsearch
-
-RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
-    rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{elk_version}}-no-jdk-x86_64.rpm && \
-    cp -a /etc/elasticsearch/ /usr/share/elasticsearch/config/ && \
-    chown -R elasticsearch /usr/share/elasticsearch/config && \
-    mkdir -p /usr/share/elasticsearch/data && \
-    chown -R elasticsearch /usr/share/elasticsearch/data && \
-    sed -i -e 's,ES_PATH_CONF=/etc/elasticsearch,ES_PATH_CONF=/usr/share/elasticsearch/config,g' /etc/sysconfig/elasticsearch
-
-RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
-
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-
diff --git a/roles/build/templates/kibana/Dockerfile.j2 b/roles/build/templates/kibana/Dockerfile.j2
deleted file mode 100644
index db7d064db56e385b1c695a349db18a610346e5a3..0000000000000000000000000000000000000000
--- a/roles/build/templates/kibana/Dockerfile.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM {{repo}}/centos:{{version}}{{suffix}}
-
-RUN yum install -y supervisor
-RUN yum clean all
-
-ENV PATH="/usr/share/kibana/bin:${PATH}"
-
-RUN groupadd -g 1000 kibana && \
-    adduser -u 1000 -g 1000 -d /usr/share/kibana kibana
-
-WORKDIR /usr/share/kibana
-
-RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
-    rpm -Uvh https://artifacts.elastic.co/downloads/kibana/kibana-{{elk_version}}-x86_64.rpm && \
-    cp -a /etc/kibana/ /usr/share/kibana/config/ && \
-    chown -R kibana /usr/share/kibana/config/
-
-RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
-
-COPY kibanasupervisord.conf /etc/supervisord.conf
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-
diff --git a/roles/build/templates/odfees/Dockerfile.j2 b/roles/build/templates/odfees/Dockerfile.j2
deleted file mode 100644
index a4834a5e3caff38bd7f76182455a747638c2f952..0000000000000000000000000000000000000000
--- a/roles/build/templates/odfees/Dockerfile.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM {{repo}}/elasticsearch:{{version}}{{suffix}}
-
-ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
-
-USER root
-WORKDIR /usr/share/elasticsearch
-
-RUN for PLUGIN in \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \
-    do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
-    chown -R elasticsearch plugins/opendistro_security
-
-RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
-RUN yum install -y supervisor rsync
-RUN yum clean all
-COPY odfesupervisord.conf /etc/supervisord.conf
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/roles/build/templates/opensearch-dashboards/Dockerfile.j2 b/roles/build/templates/opensearch-dashboards/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1b82e8ebbf6a5fb0c5e2467d90931a88277d90f0
--- /dev/null
+++ b/roles/build/templates/opensearch-dashboards/Dockerfile.j2
@@ -0,0 +1,25 @@
+FROM {{repo}}/centos:{{version}}{{suffix}}
+
+RUN yum install -y supervisor
+RUN yum clean all
+
+ENV PATH="/opt/opensearch-dashboards/bin:${PATH}"
+ARG OPENSEARCH_VERSION={{opensearch_version}}
+
+RUN groupadd -g 1000 dashboards && \
+    adduser -u 1000 -g 1000 -d /opt/opensearch-dashboards -M dashboards
+
+RUN cd /opt && \
+    yum install -y wget sudo  && \
+    wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/${OPENSEARCH_VERSION}/opensearch-dashboards-${OPENSEARCH_VERSION}-linux-x64.tar.gz -O /tmp/opensearch-dashboards.tar.gz && \
+    tar -xvzf /tmp/opensearch-dashboards.tar.gz && \
+    ln -s $(find /opt -mindepth 1 -maxdepth 1 -type d | grep -i opensearch) /opt/opensearch-dashboards && \
+    chown -R dashboards:dashboards /opt/opensearch-dashboards/
+
+WORKDIR /opt/opensearch-dashboards
+
+RUN echo 'dashboards ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+COPY dashboardssupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
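Review bot: The bundle fetched by `wget` is unpacked with no integrity check, whereas the removed Kibana Dockerfile imported the vendor GPG key and installed a signed RPM; roles/build/templates/opensearch/Dockerfile.j2 has the same pattern. Pin a digest next to `opensearch_version` in group_vars and verify it before `tar`, or verify a detached signature if the project publishes one for this artifact. The `ln -s $(find ... | grep -i opensearch)` step also depends on exactly one match under /opt, and the tarball is left in /tmp; extracting into a named directory and deleting the archive avoids both. The variable name in the sketch below is a proposed placeholder, not something the repository defines today.

```dockerfile
ARG OPENSEARCH_VERSION={{opensearch_version}}
# proposed new variable (placeholder): pinned SHA-512 of the bundle for this version
ARG OPENSEARCH_DASHBOARDS_SHA512={{opensearch_dashboards_sha512}}

# … unchanged: groupadd / adduser for the dashboards account …

RUN cd /opt && \
    # … unchanged: yum install, wget of the bundle to /tmp/opensearch-dashboards.tar.gz …
    echo "${OPENSEARCH_DASHBOARDS_SHA512}  /tmp/opensearch-dashboards.tar.gz" | sha512sum -c - && \
    mkdir /opt/opensearch-dashboards && \
    tar -xzf /tmp/opensearch-dashboards.tar.gz -C /opt/opensearch-dashboards --strip-components=1 && \
    rm -f /tmp/opensearch-dashboards.tar.gz && \
    chown -R dashboards:dashboards /opt/opensearch-dashboards/
```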
diff --git a/roles/build/templates/opensearch/Dockerfile.j2 b/roles/build/templates/opensearch/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bf9794bcd2bdf59072e34315135711e100903e08
--- /dev/null
+++ b/roles/build/templates/opensearch/Dockerfile.j2
@@ -0,0 +1,23 @@
+FROM {{repo}}/centos:{{version}}{{suffix}}
+
+ENV PATH="/opt/opensearch/bin:${PATH}"
+ARG OPENSEARCH_VERSION={{opensearch_version}}
+
+RUN groupadd -g 1000 opensearch && \
+    adduser -u 1000 -g 1000 -d /opt/opensearch -M opensearch
+
+
+RUN cd /opt && \
+    yum install -y wget sudo && \
+    wget https://artifacts.opensearch.org/releases/bundle/opensearch/${OPENSEARCH_VERSION}/opensearch-${OPENSEARCH_VERSION}-linux-x64.tar.gz -O /tmp/opensearch.tar.gz && \
+    tar -xvzf /tmp/opensearch.tar.gz && \
+    ln -s $(find /opt -mindepth 1 -maxdepth 1 -type d | grep -i opensearch) /opt/opensearch && \
+    chown -R opensearch:opensearch /opt/opensearch/
+
+WORKDIR /opt/opensearch
+
+RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
+
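Review bot: `RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers` gives the account that runs the search service unrestricted passwordless root, so any code execution inside the service becomes root in the container; the same rule is added for `dashboards` in the opensearch-dashboards Dockerfile and repeated in the opensearches Dockerfile. The removed odfees tasks switched to `remote_user: root` for their privileged steps, so if the new roles do the same the rule can be dropped. Otherwise limit it to the specific commands needed and install it as a file under /etc/sudoers.d validated with `visudo -c`. This image also sets `ENTRYPOINT` to /usr/bin/supervisord without installing supervisor (only the derived opensearches image does), which deserves a comment such as `# supervisor is installed by the derived opensearches image`.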
diff --git a/roles/build/templates/opensearches/Dockerfile.j2 b/roles/build/templates/opensearches/Dockerfile.j2
new file mode 100644
index 0000000000000000000000000000000000000000..f2abb04e2812dd29e3fd241c9c50109e466bba5a
--- /dev/null
+++ b/roles/build/templates/opensearches/Dockerfile.j2
@@ -0,0 +1,12 @@
+FROM {{repo}}/opensearch:{{version}}{{suffix}}
+
+ENV PATH="/opt/opensearch/bin:${PATH}"
+
+USER root
+WORKDIR /opt/opensearch
+
+RUN echo 'opensearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+RUN yum install -y supervisor rsync
+RUN yum clean all
+COPY opensearchsupervisord.conf /etc/supervisord.conf
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml
index 693108e48ac0dc8826c9ac68e37fa5af4315071e..bc7bcfc61b299afafe9f9508160c3f4f7766f8ca 100644
--- a/roles/ca/tasks/main.yml
+++ b/roles/ca/tasks/main.yml
@@ -42,8 +42,8 @@
   command: roles/ca/files/easyrsa/easyrsa show-cert {{item}}
   with_items:
     - "{{ groups['nificontainers'] }}"
-    - "{{ groups['odfeescontainers'] }}"
-    - "{{ groups['odfekibanacontainers'] }}"
+    - "{{ groups['opensearchescontainers'] }}"
+    - "{{ groups['opensearchdashboardscontainers'] }}"
     - "{{ groups['keycloakcontainers'] }}"
     - "{{ groups['mispcontainers'] }}"
     - "{{ groups['thehive'] }}"
@@ -63,8 +63,8 @@
     build-serverClient-full {{item}} nopass
   with_items:
     - "{{ groups['nificontainers'] }}"
-    - "{{ groups['odfeescontainers'] }}"
-    - "{{ groups['odfekibanacontainers'] }}"
+    - "{{ groups['opensearchescontainers'] }}"
+    - "{{ groups['opensearchdashboardscontainers'] }}"
     - "{{ groups['keycloakcontainers'] }}"
     - "{{ groups['mispcontainers'] }}"
     - "{{ groups['thehive'] }}"
@@ -100,8 +100,8 @@
       Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
   with_items:
     - "{{ groups['nificontainers'] }}"
-    - "{{ groups['odfeescontainers'] }}"
-    - "{{ groups['odfekibanacontainers'] }}"
+    - "{{ groups['opensearchescontainers'] }}"
+    - "{{ groups['opensearchdashboardscontainers'] }}"
     - "{{ groups['keycloakcontainers'] }}"
     - "{{ groups['thehive'] }}"
     - "{{ groups['cortex'] }}"
diff --git a/roles/cortex/tasks/configure.yml b/roles/cortex/tasks/configure.yml
index cbcb0e99965da2affc197a7ff7b367cfd5c8843f..7e94fcbf22f82f7d92a37bfa19ecd7e0dd31d622 100644
--- a/roles/cortex/tasks/configure.yml
+++ b/roles/cortex/tasks/configure.yml
@@ -41,7 +41,6 @@
   register: cortexadminuserkey
   args:
     warn: false
-  run_once: True
 
 - set_fact:
     cortexadminuserapikey={{ cortexadminuserkey.stdout }}
diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2
index acfe9020d6979cd730eaf57c27ece4f15658b05d..4155af9a310b65dcd141dcb4f7002941c1954fa4 100644
--- a/roles/cortex/templates/application.conf.j2
+++ b/roles/cortex/templates/application.conf.j2
@@ -14,7 +14,7 @@ search {
   index = cortex
   # ElasticSearch instance address.
   # For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200"
-  #uri = "https://{{groups['odfeescontainers'][0]}}:9200"
+  #uri = "https://{{groups['opensearchescontainers'][0]}}:9200"
   uri = "http://localhost:9200"
 
   ## Advanced configuration
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index d09016fa8b7912a3659bf0629cbae142c57a2037..e21541f2713f0c6b2896aeaa820bd994bdf701bb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -6,8 +6,8 @@
 - include: keycloak.yml
 - include: zookeeper.yml
 - include: nifi.yml
-- include: odfees.yml
-- include: odfekibana.yml
+- include: opensearches.yml
+- include: opensearch-dashboards.yml
 - include: misp.yml
 - include: keycloak.yml
 - include: cassandra.yml
diff --git a/roles/docker/tasks/odfekibana.yml b/roles/docker/tasks/opensearch-dashboards.yml
similarity index 50%
rename from roles/docker/tasks/odfekibana.yml
rename to roles/docker/tasks/opensearch-dashboards.yml
index 8426ce61d2d839917dca6fddfb7166a52f39d7cc..66808f43a91f5d1277f9801f63a599c2d6857aec 100644
--- a/roles/docker/tasks/odfekibana.yml
+++ b/roles/docker/tasks/opensearch-dashboards.yml
@@ -1,23 +1,23 @@
 ---
 
-- name: Create odfe kibana containers and connect to network
+- name: Create Opensearch Dashboard containers and connect to network
   docker_container:
     name: "{{ item }}"
     hostname: "{{ item }}"
-    image: "{{ odfekibana_img }}"
+    image: "{{ opensearchdashboards_img }}"
     networks:
       - name: "{{ soctools_netname }}"
     networks_cli_compatible: yes
     interactive: "yes"
-  with_items: "{{ groups['odfekibanacontainers'] }}"
+  with_items: "{{ groups['opensearchdashboardscontainers'] }}"
   tags:
     - start-docker-containers
 
-- name: Disconnect odfe kibana containers from network and remove
+- name: Disconnect Opensearch Dashboard containers from network and remove
   docker_container:
     name: "{{ item }}"
     state: absent
-  with_items: "{{ groups['odfekibanacontainers'] }}"
+  with_items: "{{ groups['opensearchdashboardscontainers'] }}"
   tags:
     - stop-docker-containers
 
diff --git a/roles/docker/tasks/odfees.yml b/roles/docker/tasks/opensearches.yml
similarity index 51%
rename from roles/docker/tasks/odfees.yml
rename to roles/docker/tasks/opensearches.yml
index 7ae76b5de752ab1ff385f49ffc443387f4196dc4..6057b2f9ab9a6560afbcb189be3a5dc31044aac8 100644
--- a/roles/docker/tasks/odfees.yml
+++ b/roles/docker/tasks/opensearches.yml
@@ -1,25 +1,25 @@
 ---
 
-- name: Create odfe elasticsearch containers and connect to network
+- name: Create odfe Opensearch containers and connect to network
   docker_container:
     name: "{{ item }}"
     hostname: "{{ item }}"
-    image: "{{ odfees_img }}"
+    image: "{{ opensearches_img }}"
     networks:
       - name: "{{ soctools_netname }}"
     networks_cli_compatible: yes
     volumes:
-      - "{{item}}:/usr/share/elasticsearch/data"
+      - "{{item}}:/opt/opensearch/data"
     interactive: "yes"
-  with_items: "{{ groups['odfeescontainers'] }}"
+  with_items: "{{ groups['opensearchescontainers'] }}"
   tags:
     - start-docker-containers
 
-- name: Disconnect odfe elasticsearch containers from network and remove
+- name: Disconnect Opensearch containers from network and remove
   docker_container:
     name: "{{ item }}"
     state: absent
-  with_items: "{{ groups['odfeescontainers'] }}"
+  with_items: "{{ groups['opensearchescontainers'] }}"
   tags:
     - stop-docker-containers
 
diff --git a/roles/docker/tasks/volumecreate.yml b/roles/docker/tasks/volumecreate.yml
index a4e92207fcff83c4d282524f04456c2455b08475..4e45a4235dfe7d36878f91529942351e72c335f1 100644
--- a/roles/docker/tasks/volumecreate.yml
+++ b/roles/docker/tasks/volumecreate.yml
@@ -32,11 +32,11 @@
   tags:
     - start-docker-containers
 
-- name: Create OpenDistro for Elasticearch volumes
+- name: Create Opensearch volumes
   docker_volume:
     name: "{{item}}"
   with_items:
-    - "{{ groups['odfeescontainers'] }}" 
+    - "{{ groups['opensearchescontainers'] }}" 
   tags:
     - start-docker-containers
 
diff --git a/roles/haproxy/tasks/init.yml b/roles/haproxy/tasks/init.yml
index aaf8aa32add3a1c818b3128899b2f90c786116dc..7f8b77c00756ab6747443138fc151d0e9bc10c2f 100644
--- a/roles/haproxy/tasks/init.yml
+++ b/roles/haproxy/tasks/init.yml
@@ -15,13 +15,13 @@
   - stats
   - nifi
   - nifiports
-  - odfe
+  - opensearch
   - keycloak
   - thehive
   - cortex
   - misp
   - user-mgmt-ui
-  - kibana
+  - opensearch-dashboards
 
 - name: Create required directories
   file:
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index 8a92792b895a8ada0a1fed8176ad6ea9cb44dac6..5f463b537d171c81dba9ba501a078a52396238ba 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -38,7 +38,7 @@ listen nifiserv
 {% endfor %}
 	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/nifi_whitelist.lst }
 
-listen odfeserv
+listen opensearchserv
         bind *:9200 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
         mode http
         maxconn 5000
@@ -46,10 +46,10 @@ listen odfeserv
         balance source
         option tcpka
         option httplog
-{% for odfehost in groups['odfeescontainers'] %}
-     	server {{odfehost}} {{odfehost}}:9200 ssl check verify none
+{% for opensearchhost in groups['opensearchescontainers'] %}
+     	server {{opensearchhost}} {{opensearchhost}}:9200 ssl check verify none
 {% endfor %}
-	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/odfe_whitelist.lst }
+	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearch_whitelist.lst }
 	
 listen keycloakserv
         bind *:12443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
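Review bot: The renamed backend line `server {{opensearchhost}} {{opensearchhost}}:9200 ssl check verify none` still turns certificate verification off, so HAProxy encrypts the hop to the OpenSearch nodes but accepts any certificate presented on it; the dashboards backend in the last hunk of this file (`:5601 ssl check verify none`) is the same. The roles/ca tasks touched by this commit already issue a certificate per container from the project CA, so, provided those certificates carry the container hostname, the server lines could use `ssl check verify required ca-file /path/to/ca.crt`. That path is a placeholder: where the haproxy role places the CA certificate inside the container is not shown in this diff. The keycloakserv block continues outside the hunk.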
@@ -92,7 +92,7 @@ listen cortexserv
 {% endfor %}
 	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/cortex_whitelist.lst }
 
-listen kibanaserv
+listen opensearch-dashboards-serv
         bind *:5601 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
         mode http
         maxconn 5000
@@ -101,10 +101,10 @@ listen kibanaserv
         option tcpka
         option forwardfor
         option httplog
-{% for kibanahost in groups['odfekibanacontainers'] %}
-        server {{kibanahost}} {{kibanahost}}:5601 ssl check verify none
+{% for opensearchdashboardshost in groups['opensearchdashboardscontainers'] %}
+        server {{opensearchdashboardshost}} {{opensearchdashboardshost}}:5601 ssl check verify none
 {% endfor %}
-	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/kibana_whitelist.lst }
+	tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/opensearch-dashboards_whitelist.lst }
 
 listen mispserv
         bind *:6443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2
index 1619ccd9e65d3bc8bd6453e0b01d457c9ade2db5..9d79a0402106e193b6e675208d60bf262f0d0f1a 100644
--- a/roles/nifi/templates/flow.xml.j2
+++ b/roles/nifi/templates/flow.xml.j2
@@ -12617,8 +12617,8 @@
     <variable name="elastic_username" value="{{ elastic_username }}" />
     <variable name="misp_url" value="{{ misp_url }}" />
     <variable name="elastic_url" value="https://{{ soctoolsproxy }}:9200" />
-    <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}" />
+    <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}" />
   </rootGroup>
   <controllerServices />
   <reportingTasks />
-</flowController>
\ No newline at end of file
+</flowController>
diff --git a/roles/odfees/tasks/init.yml b/roles/odfees/tasks/init.yml
deleted file mode 100644
index 0eaedc5b5529f0568b706fea12f87d9d64c0489f..0000000000000000000000000000000000000000
--- a/roles/odfees/tasks/init.yml
+++ /dev/null
@@ -1,100 +0,0 @@
----
-
-- name: Copy cacert to ca-trust dir
-  remote_user: root
-  copy:
-    src: "{{playbook_dir}}/secrets/CA/ca.crt"
-    dest: /etc/pki/ca-trust/source/anchors/ca.crt
-
-- name: Install cacert to root truststore
-  remote_user: root
-  command: "update-ca-trust"
-
-- name: Copy certificates in odfe conf dir
-  remote_user: elasticsearch
-  copy:
-    src:  "{{ item }}"
-    dest: "config/"
-    mode: 0600
-  with_items:
-    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
-    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
-    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
-
-- name: Configure sysconfig
-  remote_user: elasticsearch
-  template:
-    src: sysconfig_elasticsearch.j2
-    dest: sysconfig_elasticsearch
-
-- name: Copy sysconfig to /etc
-  remote_user: elasticsearch
-  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
-
-- name: Configure odfe properties
-  remote_user: elasticsearch
-  template:
-    src: "config/{{item}}.j2"
-    dest: "config/{{item}}"
-  with_items:
-    - elasticsearch.yml
-    - jvm.options
-    - log4j2.properties
-
-- name: Change password for admin
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
-  register: adminhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-
-- set_fact:
-    adminhashpwd: "{{ adminhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-
-- name: Change password for cortex
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
-  register: cortexhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-
-- set_fact:
-    cortexhashpwd: "{{ cortexhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-
-- name: Configure opendistro_security properties
-  remote_user: elasticsearch
-  template:
-    src: "securityconfig/{{item}}.j2"
-    dest: "plugins/opendistro_security/securityconfig/{{item}}"
-  with_items:
-    - internal_users.yml
-    - config.yml
-    - roles_mapping.yml
-
-
-- name: Start OpenDistro for Elasticsearch
-  remote_user: root
-  command: "supervisorctl start odfe"
-
-- name: Wait for ElasticSearch
-  remote_user: root
-  wait_for:
-    host: "{{groups['odfeescontainers'][0]}}"
-    port: 9200
-    state: started
-    delay: 5
-
-- name: Configure OpenDistro security
-  remote_user: elasticsearch
-  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
-  when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-
-- name: Set Autostart for supervisord's services
-  remote_user: root
-  replace:
-    path: /etc/supervisord.conf
-    regexp: '^autostart=false$'
-    replace: 'autostart=true'
-
diff --git a/roles/odfees/tasks/start.yml b/roles/odfees/tasks/start.yml
deleted file mode 100644
index 953b53fdb88a6c8044581d374c3ba7620969faf8..0000000000000000000000000000000000000000
--- a/roles/odfees/tasks/start.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-- name: Start OpenDistro for Elasticsearch
-  remote_user: root
-  command: "supervisorctl start odfe"
-
-- name: Wait for ElasticSearch
-  remote_user: root
-  wait_for:
-    host: "{{groups['odfeescontainers'][0]}}"
-    port: 9200
-    state: started
-    delay: 5
-
diff --git a/roles/odfees/tasks/stop.yml b/roles/odfees/tasks/stop.yml
deleted file mode 100644
index 1302cc8bf86e04950e347eb12436b0a6cc0aac0f..0000000000000000000000000000000000000000
--- a/roles/odfees/tasks/stop.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-- name: Stop OpenDistro for Elasticsearch
-  remote_user: root
-  command: "supervisorctl stop odfe"
-
diff --git a/roles/odfees/tasks/update-config.yml b/roles/odfees/tasks/update-config.yml
deleted file mode 100644
index a40d487df503d8edc00dd641352d61d3f892042e..0000000000000000000000000000000000000000
--- a/roles/odfees/tasks/update-config.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-
-- name: Configure sysconfig
-  remote_user: elasticsearch
-  template:
-    src: sysconfig_elasticsearch.j2
-    dest: sysconfig_elasticsearch
-
-- name: Copy sysconfig to /etc
-  remote_user: elasticsearch
-  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
-
-- name: Configure odfe properties
-  remote_user: elasticsearch
-  template:
-    src: "config/{{item}}.j2"
-    dest: "config/{{item}}"
-  with_items:
-    - elasticsearch.yml
-    - jvm.options
-    - log4j2.properties
-
-- name: Configure opendistro_security properties
-  remote_user: elasticsearch
-  template:
-    src: "securityconfig/{{item}}.j2"
-    dest: "plugins/opendistro_security/securityconfig/{{item}}"
-  with_items:
-    - internal_users.yml
-    - config.yml
-    - roles_mapping.yml
-
diff --git a/roles/odfees/templates/config/elasticsearch.yml.j2 b/roles/odfees/templates/config/elasticsearch.yml.j2
deleted file mode 100644
index 5e8e18fc2999f2622cca3b0c229265a379c49b44..0000000000000000000000000000000000000000
--- a/roles/odfees/templates/config/elasticsearch.yml.j2
+++ /dev/null
@@ -1,67 +0,0 @@
-cluster.name: "soctools-cluster"
-#network.host: 0.0.0.0
-network.host: {{ inventory_hostname }}
-discovery.seed_hosts:
-{% for odfees in groups['odfeescontainers'] %}
-  - {{ odfees }}
-{% endfor %}
-#discovery.type: single-node
-transport.port: 9300
-
-path.logs: /usr/share/elasticsearch/logs
-# # minimum_master_nodes need to be explicitly set when bound on a public IP
-# # set to 1 to allow single node clusters
-# # Details: https://github.com/elastic/elasticsearch/pull/17288
-#discovery.zen.minimum_master_nodes: 1
-
-# # Breaking change in 7.0
-# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes: 
-{% for odfees in groups['odfeescontainers'] %}
-  - {{ odfees }}
-{% endfor %}
-
-#    - elasticsearch1
-#    - docker-test-node-1 
-######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
-# WARNING: revise all the lines below before you go into production
-# opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
-# opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
-
-opendistro_security.ssl.transport.keystore_type: pkcs12
-opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
-#opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.truststore_type: jks
-opendistro_security.ssl.transport.truststore_filepath: cacerts.jks
-opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-
-opendistro_security.ssl.http.enabled: true
-# opendistro_security.ssl.http.pemcert_filepath: esnode.pem
-# opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.http.keystore_type: pkcs12
-opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
-opendistro_security.ssl.http.truststore_type: jks
-opendistro_security.ssl.http.truststore_filepath: cacerts.jks
-opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
-#opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-#opendistro_security.ssl.http.clientauth_mode: optional
-opendistro_security.allow_unsafe_democertificates: false
-opendistro_security.allow_default_init_securityindex: false
-opendistro_security.authcz.admin_dn:
-  - "{{soctools_users[0].DN}}"
-
-opendistro_security.nodes_dn:
-{% for odfees in groups['odfeescontainers'] %}
-  - "CN={{ odfees }}"
-{% endfor %}
-
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
diff --git a/roles/odfees/templates/config/jvm.options.j2 b/roles/odfees/templates/config/jvm.options.j2
deleted file mode 100644
index d2a22392210eadbdf65de97c77fd427799753c6a..0000000000000000000000000000000000000000
--- a/roles/odfees/templates/config/jvm.options.j2
+++ /dev/null
@@ -1,119 +0,0 @@
-## JVM configuration
-
-################################################################
-## IMPORTANT: JVM heap size
-################################################################
-##
-## You should always set the min and max JVM heap
-## size to the same value. For example, to set
-## the heap to 4 GB, set:
-##
-## -Xms4g
-## -Xmx4g
-##
-## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
-## for more information
-##
-################################################################
-
-# Xms represents the initial size of total heap space
-# Xmx represents the maximum size of total heap space
-
--Xms{{odfe_javamem}}
--Xmx{{odfe_javamem}}
-
-################################################################
-## Expert settings
-################################################################
-##
-## All settings below this section are considered
-## expert settings. Don't tamper with them unless
-## you understand what you are doing
-##
-################################################################
-
-## GC configuration
--XX:+UseConcMarkSweepGC
--XX:CMSInitiatingOccupancyFraction=75
--XX:+UseCMSInitiatingOccupancyOnly
-
-## G1GC Configuration
-# NOTE: G1GC is only supported on JDK version 10 or later.
-# To use G1GC uncomment the lines below.
-# 10-:-XX:-UseConcMarkSweepGC
-# 10-:-XX:-UseCMSInitiatingOccupancyOnly
-# 10-:-XX:+UseG1GC
-# 10-:-XX:InitiatingHeapOccupancyPercent=75
-
-## DNS cache policy
-# cache ttl in seconds for positive DNS lookups noting that this overrides the
-# JDK security property networkaddress.cache.ttl; set to -1 to cache forever
--Des.networkaddress.cache.ttl=60
-# cache ttl in seconds for negative DNS lookups noting that this overrides the
-# JDK security property networkaddress.cache.negative ttl; set to -1 to cache
-# forever
--Des.networkaddress.cache.negative.ttl=10
-
-## optimizations
-
-# pre-touch memory pages used by the JVM during initialization
--XX:+AlwaysPreTouch
-
-## basic
-
-# explicitly set the stack size
--Xss1m
-
-# set to headless, just in case
--Djava.awt.headless=true
-
-# ensure UTF-8 encoding by default (e.g. filenames)
--Dfile.encoding=UTF-8
-
-# use our provided JNA always versus the system one
--Djna.nosys=true
-
-# turn off a JDK optimization that throws away stack traces for common
-# exceptions because stack traces are important for debugging
--XX:-OmitStackTraceInFastThrow
-
-# flags to configure Netty
--Dio.netty.noUnsafe=true
--Dio.netty.noKeySetOptimization=true
--Dio.netty.recycler.maxCapacityPerThread=0
-
-# log4j 2
--Dlog4j.shutdownHookEnabled=false
--Dlog4j2.disable.jmx=true
-
--Djava.io.tmpdir=${ES_TMPDIR}
-
-## heap dumps
-
-# generate a heap dump when an allocation from the Java heap fails
-# heap dumps are created in the working directory of the JVM
--XX:+HeapDumpOnOutOfMemoryError
-
-# specify an alternative path for heap dumps; ensure the directory exists and
-# has sufficient space
--XX:HeapDumpPath=data
-
-# specify an alternative path for JVM fatal error logs
--XX:ErrorFile=logs/hs_err_pid%p.log
-
-## JDK 8 GC logging
-
-8:-XX:+PrintGCDetails
-8:-XX:+PrintGCDateStamps
-8:-XX:+PrintTenuringDistribution
-8:-XX:+PrintGCApplicationStoppedTime
-8:-Xloggc:logs/gc.log
-8:-XX:+UseGCLogFileRotation
-8:-XX:NumberOfGCLogFiles=32
-8:-XX:GCLogFileSize=64m
-
-# JDK 9+ GC logging
-9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
-# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
-# time/date parsing will break in an incompatible way for some date patterns and locals
-9-:-Djava.locale.providers=COMPAT
diff --git a/roles/odfees/templates/config/log4j2.properties.j2 b/roles/odfees/templates/config/log4j2.properties.j2
deleted file mode 100644
index ee01d9a1406720d46fe983efacf16cc8d52c3729..0000000000000000000000000000000000000000
--- a/roles/odfees/templates/config/log4j2.properties.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-status = error
-
-appender.console.type = Console
-appender.console.name = console
-appender.console.layout.type = PatternLayout
-appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
-
-appender.rolling.type = RollingFile
-appender.rolling.name = rolling
-appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
-appender.rolling.layout.type = ESJsonLayout
-appender.rolling.layout.type_name = server
-appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
-appender.rolling.policies.type = Policies
-appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
-appender.rolling.policies.time.interval = 1
-appender.rolling.policies.time.modulate = true
-appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
-appender.rolling.policies.size.size = 20MB
-appender.rolling.strategy.type = DefaultRolloverStrategy
-appender.rolling.strategy.fileIndex = nomax
-appender.rolling.strategy.action.type = Delete
-appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
-appender.rolling.strategy.action.condition.type = IfFileName
-appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
-appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
-appender.rolling.strategy.action.condition.nested_condition.exceeds = 100MB
-
-rootLogger.level = info
-#rootLogger.appenderRef.console.ref = console
-rootLogger.appenderRef.rolling.ref = rolling
diff --git a/roles/odfees/templates/sysconfig_elasticsearch.j2 b/roles/odfees/templates/sysconfig_elasticsearch.j2
deleted file mode 100644
index 60b69e2bcf1ca61478e7b94015344c15455ebc47..0000000000000000000000000000000000000000
--- a/roles/odfees/templates/sysconfig_elasticsearch.j2
+++ /dev/null
@@ -1,51 +0,0 @@
-################################
-# Elasticsearch
-################################
-
-# Elasticsearch home directory
-ES_HOME=/usr/share/elasticsearch
-
-# Elasticsearch Java path
-#JAVA_HOME=
-
-# Elasticsearch configuration directory
-ES_PATH_CONF=/usr/share/elasticsearch/config
-
-# Elasticsearch PID directory
-#PID_DIR=/var/run/elasticsearch
-
-# Additional Java OPTS
-#ES_JAVA_OPTS=
-
-# Configure restart on package upgrade (true, every other setting will lead to not restarting)
-#RESTART_ON_UPGRADE=true
-
-################################
-# Elasticsearch service
-################################
-
-# SysV init.d
-#
-# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
-ES_STARTUP_SLEEP_TIME=5
-
-################################
-# System properties
-################################
-
-# Specifies the maximum file descriptor number that can be opened by this process
-# When using Systemd, this setting is ignored and the LimitNOFILE defined in
-# /usr/lib/systemd/system/elasticsearch.service takes precedence
-#MAX_OPEN_FILES=65535
-
-# The maximum number of bytes of memory that may be locked into RAM
-# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
-# in elasticsearch.yml.
-# When using systemd, LimitMEMLOCK must be set in a unit file such as
-# /etc/systemd/system/elasticsearch.service.d/override.conf.
-#MAX_LOCKED_MEMORY=unlimited
-
-# Maximum number of VMA (Virtual Memory Areas) a process can own
-# When using Systemd, this setting is ignored and the 'vm.max_map_count'
-# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
-#MAX_MAP_COUNT=262144
diff --git a/roles/odfekibana/files/.empty b/roles/odfekibana/files/.empty
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml
deleted file mode 100644
index 2ab354a31339c1ee47c5d287277b9e25c6afa377..0000000000000000000000000000000000000000
--- a/roles/odfekibana/tasks/stop.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- name: Stop OpenDistro Kibana for Elasticsearch
-  remote_user: root
-  command: "supervisorctl stop kibana"
diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml
deleted file mode 100644
index d258885ceac6fd12f7d69accb97745835da9eec5..0000000000000000000000000000000000000000
--- a/roles/odfekibana/tasks/update-config.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-
-- name: Configure odfe kibana properties
-  remote_user: kibana
-  template:
-    src: "{{item}}.j2"
-    dest: "config/{{item}}"
-  with_items:
-    - kibana.yml
-
-- name: Configure odfe kibana start script
-  remote_user: kibana
-  template:
-    src: "{{item}}.j2"
-    dest: "{{item}}"
-    mode: 0750
-  with_items:
-    - startkibana.sh
-
-- name: Generate configuration for thehive_button plugin
-  remote_user: kibana
-  template:
-    src: files/env.js.j2
-    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
-    owner: kibana
-    group: kibana
-
-
-- name: Copy kibana_graphs.ndjson to container
-  remote_user: kibana
-  template:
-    src: "kibana_graphs.ndjson.j2"
-    dest: /tmp/kibana_graphs.ndjson
-
diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2
deleted file mode 100644
index 506b10c06880643c831526fa684d30e98a3efa62..0000000000000000000000000000000000000000
--- a/roles/odfekibana/templates/kibana.yml.j2
+++ /dev/null
@@ -1,65 +0,0 @@
----
-# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
-# Description: 
-# Default Kibana configuration from kibana-docker.
-
-#logging.verbose: true
-cpu.cgroup.path.override: /
-cpuacct.cgroup.path.override: /
-pid.file: {{inventory_hostname}}.pid
-
-server.name: {{inventory_hostname}}
-server.host: "{{inventory_hostname}}"
-#elasticsearch.hosts: https://localhost:9200
-elasticsearch.hosts: https://{{groups['odfeescontainers'][0]}}:9200
-elasticsearch.ssl.verificationMode: none
-elasticsearch.username: kibanaserver
-elasticsearch.password: kibanaserver
-elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-
-opendistro_security.multitenancy.enabled: false
-#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
-
-#new in 7.6
-#newsfeed.enabled: false
-#telemetry.optIn: false
-#telemetry.enabled: false
-
-opendistro_security.auth.type: "openid"
-opendistro_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration"
-opendistro_security.openid.client_id: "soctools-kibana"
-opendistro_security.openid.client_secret: "{{kibanasecret.value}}"
-opendistro_security.openid.root_ca: "/usr/share/kibana/config/ca.crt"
-opendistro_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
-
-opendistro_security.cookie.secure: true
-opendistro_security.cookie.password: "{{lookup("password", "{{playbook_dir}}/secrets/passwords/kibana_cookiepassword length=32")}}"
-
-server.ssl.enabled: true
-server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
-server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt
-#server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12
-#server.ssl.keystore.password: {{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}
-#server.ssl.certificateAuthorities:
-#server.ssl.truststore.path: jks (p12?)
-#server.ssl.truststore.password:
-
-
-#elasticsearch.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt
-#elasticsearch.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
-#elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/{{ca_cn}}.crt
-
-opendistro_security.allow_client_certificates: true
diff --git a/roles/odfekibana/templates/startkibana.sh.j2 b/roles/odfekibana/templates/startkibana.sh.j2
deleted file mode 100644
index 74039208775785dc27dd1349cf2debc0889a9dc5..0000000000000000000000000000000000000000
--- a/roles/odfekibana/templates/startkibana.sh.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash -x
-#exec /usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml --verbose > kblog 2>&1 &
-/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml > kblog 2>&1 &
-# disown
-
-
diff --git a/roles/odfees/defaults/main.yml b/roles/opensearch-dashboards/defaults/main.yml
similarity index 100%
rename from roles/odfees/defaults/main.yml
rename to roles/opensearch-dashboards/defaults/main.yml
diff --git a/roles/build/files/odfekibana/.empty b/roles/opensearch-dashboards/files/.empty
similarity index 100%
rename from roles/build/files/odfekibana/.empty
rename to roles/opensearch-dashboards/files/.empty
diff --git a/roles/odfekibana/files/env.js.j2 b/roles/opensearch-dashboards/files/env.js.j2
similarity index 100%
rename from roles/odfekibana/files/env.js.j2
rename to roles/opensearch-dashboards/files/env.js.j2
diff --git a/roles/odfekibana/files/tenant.json b/roles/opensearch-dashboards/files/tenant.json
similarity index 100%
rename from roles/odfekibana/files/tenant.json
rename to roles/opensearch-dashboards/files/tenant.json
diff --git a/roles/odfees/handlers/main.yml b/roles/opensearch-dashboards/handlers/main.yml
similarity index 100%
rename from roles/odfees/handlers/main.yml
rename to roles/opensearch-dashboards/handlers/main.yml
diff --git a/roles/odfees/meta/main.yml b/roles/opensearch-dashboards/meta/main.yml
similarity index 100%
rename from roles/odfees/meta/main.yml
rename to roles/opensearch-dashboards/meta/main.yml
diff --git a/roles/odfekibana/tasks/init.yml b/roles/opensearch-dashboards/tasks/init.yml
similarity index 57%
rename from roles/odfekibana/tasks/init.yml
rename to roles/opensearch-dashboards/tasks/init.yml
index 718d7ce33e20099716a62ec0cb833c91e6d970b5..4de794e62c261ca0a3584c6e12dcaa4c9d35543c 100644
--- a/roles/odfekibana/tasks/init.yml
+++ b/roles/opensearch-dashboards/tasks/init.yml
@@ -1,22 +1,11 @@
 ---
 
-- name: Download kibana plugins
-  get_url:
-    url: "https://gitlab.geant.org/gn4-3-wp8-t3.1-soc/kibana-plugins/-/archive/{{ kibana_plugins_version }}/kibana-plugins-{{kibana_plugins_version}}.tar.gz"
-    dest: /tmp/kibana_plugins.tar.gz
-
-- name: Gunzip kibana plugins
-  unarchive:
-    src: "/tmp/kibana_plugins.tar.gz"
-    dest: /tmp
-    remote_src: yes
-
-- name: Install the Hive Button plugin
-  copy:
-    src: "/tmp/kibana-plugins-{{kibana_plugins_version}}/thehive_button"
-    dest: "/usr/share/kibana/plugins"
-    owner: kibana
-    remote_src: yes
+#- name: Install the Hive Button plugin
+#  copy:
+#    src: "/tmp/kibana-plugins-{{kibana_plugins_version}}/thehive_button"
+#    dest: "/usr/share/kibana/plugins"
+#    owner: kibana
+#    remote_src: yes
 
 - name: Copy cacert to ca-trust dir
   remote_user: root
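Review bot: The Hive Button install is disabled by commenting it out with no stated reason, and the dead block still points at `/tmp/kibana-plugins-{{kibana_plugins_version}}`, `/usr/share/kibana/plugins` and `owner: kibana`. Nothing in this file provides that archive any more, now that the download and unarchive tasks are removed. Either delete the block or put a one-line marker above it, for example `# TODO: thehive_button not yet ported to OpenSearch Dashboards; re-enable when a compatible build exists`. That reason is a guess on my part, so word it to match the real one. The `Copy cacert to ca-trust dir` task at the end of the hunk continues outside it.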
@@ -28,8 +17,8 @@
   remote_user: root
   command: "update-ca-trust"
 
-- name: Copy certificates in odfe kibana conf dir
-  remote_user: kibana
+- name: Copy certificates in Opensearch Dashboards conf dir
+  remote_user: dashboards
   copy:
     src:  "{{ item }}"
     dest: "config/"
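Review bot: The `copy` task under `Copy certificates in Opensearch Dashboards conf dir` sets no `mode`, so the files land in `config/` with default permissions. Its item list is cut off by the hunk boundary, but the next hunk opens with the last item, a `.p12` under `secrets/CA/private/`, so private key material appears to be among the copied files. Adding `mode: "0600"` under `copy:` would keep the keystore readable only by the `dashboards` account that the task now runs as. The task starts in this hunk and ends in the next one.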
@@ -43,50 +32,41 @@
     - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
 
 - name: Get openid authkey
-  remote_user: kibana
+  remote_user: dashboards
   set_fact:
     kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"
 
-- name: Configure odfe kibana properties
-  remote_user: kibana
+- name: Configure Opensearch Dashboards properties
+  remote_user: dashboards
   template:
     src: "{{item}}.j2"
     dest: "config/{{item}}"
   with_items:
-    - kibana.yml
-
-- name: Configure odfe kibana start script
-  remote_user: kibana
-  template:
-    src: "{{item}}.j2"
-    dest: "{{item}}"
-    mode: 0750
-  with_items:
-    - startkibana.sh
+    - opensearch_dashboards.yml
 
-- name: Generate configuration for thehive_button plugin
-  remote_user: kibana
-  template:
-    src: files/env.js.j2
-    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
-    owner: kibana
-    group: kibana
+#- name: Generate configuration for thehive_button plugin
+#  remote_user: dashboards
+#  template:
+#    src: files/env.js.j2
+#    dest: "/opt/opensearch-dashboards/plugins/thehive_button/public/env.js"
+#    owner: dashboards
+#    group: dashboards
 
 
-- name: Start Kibana
+- name: Start Opensearch Dashboards
   remote_user: root
-  shell: "supervisorctl start kibana"
+  shell: "supervisorctl start opensearch-dashboards"
 
-- name: Wait for Kibana
-  remote_user: kibana
+- name: Wait for Opensearch Dashboards
+  remote_user: dashboards
   wait_for:
-    host: "{{groups['odfekibanacontainers'][0]}}"
+    host: "{{groups['opensearchdashboardscontainers'][0]}}"
     port: 5601
     state: started
     delay: 5
 
-- name: Check Kibana health
-  remote_user: kibana
+- name: Check Opensearch Dashboards health
+  remote_user: dashboards
   shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
               | egrep status....overall....state...green'
   register: result
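Review bot: The health check at the end of this hunk runs `curl -k`, so the certificate presented by `{{soctoolsproxy}}` is never verified, even though the first tasks of this file copy the CA certificate into the trust directory and run `update-ca-trust`. If curl on this host uses that trust store, `-k` can be dropped; otherwise pass the CA file with `--cacert`. The same command appears in the restart.yml and start.yml hunks of this commit. The check also reads and writes a cookie jar at the fixed path `/tmp/cookie.txt`, which the authenticated admin calls later in the file reuse; a path private to the `dashboards` user would be safer. The task continues past the end of the hunk.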
@@ -95,32 +75,32 @@
   delay: 2
   ignore_errors: yes
 
-- name: Copy kibana_graphs.ndjson to container
-  remote_user: kibana
+- name: Copy opensearch-dashboards_graphs.ndjson to container
+  remote_user: dashboards
   template:
-    src: "kibana_graphs.ndjson.j2"
-    dest: /tmp/kibana_graphs.ndjson
+    src: "opensearch-dashboards_graphs.ndjson.j2"
+    dest: /tmp/opensearch-dashboards_graphs.ndjson
 
-- name: Import graphs to kibana
-  remote_user: kibana
+- name: Import graphs to Opensearch Dashboards
+  remote_user: dashboards
   shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
           -b /tmp/cookie.txt -c /tmp/cookie.txt \
-          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
           -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
-          -F "file=@/tmp/kibana_graphs.ndjson"'
+          -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"'
   ignore_errors: True
 
 - name: Copy role modification json to container
-  remote_user: kibana
+  remote_user: dashboards
   template:
     src: "role.json.j2"
     dest: /tmp/role.json
 
 - name: Grant admin permissions to users
-  remote_user: kibana
+  remote_user: dashboards
   shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
           -b /tmp/cookie.txt -c /tmp/cookie.txt \
-          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
           -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
           -d @/tmp/role.json'
 
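Review bot: Both `curl` tasks in this hunk put the admin password on the command line through `--user admin:{{lookup("password", ...)}}` and set no `no_log`. The rendered command, password included, can therefore appear in Ansible output (on failure or with `-v`) and in the process list while the shell runs. Add `no_log: true` to `Import graphs to Opensearch Dashboards` and `Grant admin permissions to users`. Both calls also keep `-k`, which sends those admin credentials without verifying the server certificate. The import task still has `ignore_errors: True`, so a failed or rejected import passes silently.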
diff --git a/roles/odfekibana/tasks/main.yml b/roles/opensearch-dashboards/tasks/main.yml
similarity index 62%
rename from roles/odfekibana/tasks/main.yml
rename to roles/opensearch-dashboards/tasks/main.yml
index 429925b89da09f01c8de81db6edcdbeb6be5d407..eafe658cec617e9730e8b5047a423aa31c9a2247 100644
--- a/roles/odfekibana/tasks/main.yml
+++ b/roles/opensearch-dashboards/tasks/main.yml
@@ -6,17 +6,17 @@
 - include: start.yml
   tags:
    - start
-   - start-odfekibana
+   - start-opensearch-dashboards
    - init
 - include: stop.yml
   tags:
    - stop
-   - stop-odfekibana
+   - stop-opensearch-dashboards
 - include: update-config.yml
   tags:
    - update-config
-   - update-odfekibana-config
+   - update-opensearch-dashboards-config
 - include: restart.yml
   tags:
    - restart
-   - restart-odfekibana
+   - restart-opensearch-dashboards
diff --git a/roles/odfekibana/tasks/restart.yml b/roles/opensearch-dashboards/tasks/restart.yml
similarity index 65%
rename from roles/odfekibana/tasks/restart.yml
rename to roles/opensearch-dashboards/tasks/restart.yml
index cadeb7e282e7d8718218791bdb6c81869810006b..71b16bc97713afea12414093732e73fc51cc83f2 100644
--- a/roles/odfekibana/tasks/restart.yml
+++ b/roles/opensearch-dashboards/tasks/restart.yml
@@ -2,18 +2,18 @@
 
 - name: Restart Kibana
   remote_user: root
-  shell: "supervisorctl restart kibana"
+  shell: "supervisorctl restart opensearch-dashboards"
 
 - name: Wait for Kibana
-  remote_user: kibana
+  remote_user: dashboards
   wait_for:
-    host: "{{groups['odfekibanacontainers'][0]}}"
+    host: "{{groups['opensearchdashboardscontainers'][0]}}"
     port: 5601
     state: started
     delay: 5
 
-- name: Check Kibana health
-  remote_user: kibana
+- name: Check Opensearch Dashboards health
+  remote_user: dashboards
   shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
               | egrep status....overall....state...green'
   register: result
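Review bot: Two task names in this hunk were missed by the rename: `Restart Kibana` and `Wait for Kibana` now act on `opensearch-dashboards`, while the third task was renamed to `Check Opensearch Dashboards health`. Change them to `- name: Restart Opensearch Dashboards` and `- name: Wait for Opensearch Dashboards` so play output and task-name matching agree with start.yml. The health-check task at the end of the hunk continues outside it.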
diff --git a/roles/odfekibana/tasks/start.yml b/roles/opensearch-dashboards/tasks/start.yml
similarity index 54%
rename from roles/odfekibana/tasks/start.yml
rename to roles/opensearch-dashboards/tasks/start.yml
index b22cd0de212ad38926b46e7c1d845f8581b9147a..dfe139faeca8f2bf74f5cdee1d0554bc4001b6ed 100644
--- a/roles/odfekibana/tasks/start.yml
+++ b/roles/opensearch-dashboards/tasks/start.yml
@@ -1,19 +1,19 @@
 ---
 
-- name: Start Kibana
+- name: Start Opensearch Dashboards
   remote_user: root
-  shell: "supervisorctl start kibana"
+  shell: "supervisorctl start opensearch-dashboards"
 
-- name: Wait for Kibana
-  remote_user: kibana
+- name: Wait for Opensearch Dashboards
+  remote_user: dashboards
   wait_for:
-    host: "{{groups['odfekibanacontainers'][0]}}"
+    host: "{{groups['opensearchdashboardscontainers'][0]}}"
     port: 5601
     state: started
     delay: 5
 
-- name: Check Kibana health
-  remote_user: kibana
+- name: Check Opensearch Dashboards health
+  remote_user: dashboards
   shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
               | egrep status....overall....state...green'
   register: result
diff --git a/roles/opensearch-dashboards/tasks/stop.yml b/roles/opensearch-dashboards/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b837b47c4507e6e4652827d2b53ede7f4bb4169
--- /dev/null
+++ b/roles/opensearch-dashboards/tasks/stop.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Stop Opensearch Dashboards
+  remote_user: root
+  command: "supervisorctl stop opensearch-dashboards"
diff --git a/roles/opensearch-dashboards/tasks/update-config.yml b/roles/opensearch-dashboards/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0b394088fe6979a977156343b77d120f580002b7
--- /dev/null
+++ b/roles/opensearch-dashboards/tasks/update-config.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Configure Opensearch Dashboards properties
+  remote_user: dashboards
+  template:
+    src: "{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - opensearch_dashboards.yml
+
+- name: Generate configuration for thehive_button plugin
+  remote_user: dashboards
+  template:
+    src: files/env.js.j2
+    dest: "/opt/opensearch-dashboards/plugins/thehive_button/public/env.js"
+    owner: dashboards
+    group: dashboards
+
+
+- name: Copy opensearch-dashboards_graphs.ndjson to container
+  remote_user: dashboards
+  template:
+    src: "opensearch-dashboards_graphs.ndjson.j2"
+    dest: /tmp/opensearch-dashboards_graphs.ndjson
+
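Review bot: `Generate configuration for thehive_button plugin` writes to `/opt/opensearch-dashboards/plugins/thehive_button/public/env.js`, but this commit's init.yml comments out both the plugin install and this same env.js task. Unless the container image already ships that plugin directory, the `template` call fails on the missing parent directory and every `update-config` run stops there. Disable the task here as well until the plugin is installed again. Alternatively, guard it with a registered `stat` on the plugin directory and a `when:` on its `.stat.exists`.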
diff --git a/roles/odfekibana/templates/kibana_graphs.ndjson.j2 b/roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2
similarity index 100%
rename from roles/odfekibana/templates/kibana_graphs.ndjson.j2
rename to roles/opensearch-dashboards/templates/opensearch-dashboards_graphs.ndjson.j2
diff --git a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..7b389ad6b12c482dbad760c9d47d6d0a0dfb1829
--- /dev/null
+++ b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
@@ -0,0 +1,201 @@
+---
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Description:
+# Default configuration for OpenSearch Dashboards
+
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+# server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+# server.host: "localhost"
+server.host: "{{inventory_hostname}}"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+# server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name.  This is used for display purposes.
+# server.name: "your-hostname"
+server.name: {{inventory_hostname}}
+
+# The URLs of the OpenSearch instances to use for all your queries.
+# opensearch.hosts: ["http://localhost:9200"]
+opensearch.hosts: ["https://{{groups['opensearchescontainers'][0]}}:9200","https://{{groups['opensearchescontainers'][1]}}:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+# opensearchDashboards.index: ".opensearch_dashboards"
+
+# The default application to load.
+# opensearchDashboards.defaultAppId: "home"
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+# opensearch.optimizedHealthcheckId: "cluster_id"
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+# opensearch.username: "opensearch_dashboards_system"
+# opensearch.password: "pass"
+opensearch.username: kibanaserver
+opensearch.password: kibanaserver
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+# server.ssl.enabled: false
+# server.ssl.certificate: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+server.ssl.enabled: true
+server.ssl.key: /opt/opensearch-dashboards/config/{{inventory_hostname}}.key
+server.ssl.certificate: /opt/opensearch-dashboards/config/{{inventory_hostname}}.crt
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+# opensearch.ssl.certificate: /path/to/your/client.crt
+# opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+# opensearch.ssl.verificationMode: full
+opensearch.ssl.verificationMode: none
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+# opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+# opensearch.requestTimeout: 30000
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# opensearch.requestHeadersWhitelist: [ authorization ]
+opensearch.requestHeadersWhitelist: [authorization, securitytenant]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersWhitelist configuration.
+# opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+# opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+# opensearch.logQueries: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+# pid.file: /var/run/opensearchDashboards.pid
+pid.file: {{inventory_hostname}}.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+# ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+# i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+# vis_type_timeline.graphiteAllowedUrls: ['https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the blocklist to check input graphite Url. Blocklist is an IP list.
+# Below is an example for reference
+# vis_type_timeline.graphiteBlockedIPs: [
+#  //Loopback
+#  '127.0.0.0/8',
+#  '::1/128',
+#  //Link-local Address for IPv6
+#  'fe80::/10',
+#  //Private IP address for IPv4
+#  '10.0.0.0/8',
+#  '172.16.0.0/12',
+#  '192.168.0.0/16',
+#  //Unique local address (ULA)
+#  'fc00::/7',
+#  //Reserved IP address
+#  '0.0.0.0/8',
+#  '100.64.0.0/10',
+#  '192.0.0.0/24',
+#  '192.0.2.0/24',
+#  '198.18.0.0/15',
+#  '192.88.99.0/24',
+#  '198.51.100.0/24',
+#  '203.0.113.0/24',
+#  '224.0.0.0/4',
+#  '240.0.0.0/4',
+#  '255.255.255.255/32',
+#  '::/128',
+#  '2001:db8::/32',
+#  'ff00::/8',
+# ]
+# vis_type_timeline.graphiteBlockedIPs: []
+
+# opensearchDashboards.branding:
+#   logo:
+#     defaultUrl: ""
+#     darkModeUrl: ""
+#   mark:
+#     defaultUrl: ""
+#     darkModeUrl: ""
+#   loadingLogo:
+#     defaultUrl: ""
+#     darkModeUrl: ""
+#   faviconUrl: ""
+#   applicationTitle: ""
+
+# Set the value of this setting to true to capture region blocked warnings and errors
+# for your map rendering services.
+# map.showRegionBlockedWarning: false%
+
+opensearch_security.multitenancy.enabled: false
+#opensearch_security.multitenancy.tenants.preferred: [Private, Global]
+opensearch_security.readonly_mode.roles: [kibana_read_only]
+# Use this setting if you are running opensearch-dashboards without https
+opensearch_security.cookie.secure: true
+opensearch_security.cookie.password: "{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearch-dashboards_cookiepassword length=32")}}"
+
+opensearch_security.auth.type: "openid"
+opensearch_security.openid.connect_url: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration"
+opensearch_security.openid.client_id: "soctools-opensearch-dashboards"
+opensearch_security.openid.client_secret: "{{kibanasecret.value}}"
+opensearch_security.openid.root_ca: "/opt/opensearch-dashboards/config/ca.crt"
+opensearch_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
+
+opensearch_security.allow_client_certificates: true
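Review bot: `opensearch.ssl.verificationMode: none` turns off certificate validation on the Dashboards-to-OpenSearch connection, so the `kibanaserver` credentials and every proxied query are sent to whatever host answers on port 9200. The template already points `opensearch_security.openid.root_ca` at `/opt/opensearch-dashboards/config/ca.crt`, so the CA is presumably present in the container; I would set `opensearch.ssl.certificateAuthorities: ["/opt/opensearch-dashboards/config/ca.crt"]` and `opensearch.ssl.verificationMode: full`. Separately, `opensearch.password: kibanaserver` is a fixed, well-known value; it should come from the same `lookup("password", ...)` mechanism as the cookie password, with the matching hash in `internal_users.yml`. `opensearch.hosts` indexes `groups['opensearchescontainers'][1]` directly, which will not render with a single-node inventory, and the trailing `%` on the `map.showRegionBlockedWarning` comment looks like a pasted shell prompt marker.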
diff --git a/roles/odfekibana/templates/role.json.j2 b/roles/opensearch-dashboards/templates/role.json.j2
similarity index 100%
rename from roles/odfekibana/templates/role.json.j2
rename to roles/opensearch-dashboards/templates/role.json.j2
diff --git a/roles/odfees/vars/main.yml b/roles/opensearch-dashboards/vars/main.yml
similarity index 100%
rename from roles/odfees/vars/main.yml
rename to roles/opensearch-dashboards/vars/main.yml
diff --git a/roles/odfekibana/defaults/main.yml b/roles/opensearches/defaults/main.yml
similarity index 100%
rename from roles/odfekibana/defaults/main.yml
rename to roles/opensearches/defaults/main.yml
diff --git a/roles/odfees/files/.empty b/roles/opensearches/files/.empty
similarity index 100%
rename from roles/odfees/files/.empty
rename to roles/opensearches/files/.empty
diff --git a/roles/odfekibana/handlers/main.yml b/roles/opensearches/handlers/main.yml
similarity index 100%
rename from roles/odfekibana/handlers/main.yml
rename to roles/opensearches/handlers/main.yml
diff --git a/roles/odfekibana/meta/main.yml b/roles/opensearches/meta/main.yml
similarity index 100%
rename from roles/odfekibana/meta/main.yml
rename to roles/opensearches/meta/main.yml
diff --git a/roles/opensearches/tasks/init.yml b/roles/opensearches/tasks/init.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a43335eabf971246ed8a74b865fbdf109199f568
--- /dev/null
+++ b/roles/opensearches/tasks/init.yml
@@ -0,0 +1,90 @@
+---
+
+- name: Copy cacert to ca-trust dir
+  remote_user: root
+  copy:
+    src: "{{playbook_dir}}/secrets/CA/ca.crt"
+    dest: /etc/pki/ca-trust/source/anchors/ca.crt
+
+- name: Install cacert to root truststore
+  remote_user: root
+  command: "update-ca-trust"
+
+- name: Copy certificates in opensearch conf dir
+  remote_user: opensearch
+  copy:
+    src:  "{{ item }}"
+    dest: "config/"
+    mode: 0600
+  with_items:
+    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
+    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
+    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
+
+- name: Configure opensearch properties
+  remote_user: opensearch
+  template:
+    src: "config/{{item}}.j2"
+    dest: "config/opensearch-security/{{item}}"
+  with_items:
+    - opensearch.yml
+    - jvm.options
+    - log4j2.properties
+
+- name: Change password for admin
+  remote_user: opensearch
+  command: "OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk bash ./plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}"
+  register: adminhash
+
+- set_fact:
+    adminhashpwd: "{{ adminhash.stdout }}"
+    #adminhashpwd: "{{ hostvars[groups['opensearchescontainers'][0]]['adminhash.stdout'] }}"
+  remote_user: opensearch
+
+- name: Change password for cortex
+  remote_user: opensearch
+  # when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+  command: "OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_opensearch')}}"
+  register: cortexhash
+  # when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+
+- set_fact:
+    cortexhashpwd: "{{ cortexhash.stdout }}"
+    #adminhashpwd: "{{ hostvars[groups['opensearchescontainers'][0]]['adminhash.stdout'] }}"
+  remote_user: opensearch
+
+- name: Configure opensearch_security properties
+  remote_user: opensearch
+  template:
+    src: "securityconfig/{{item}}.j2"
+    dest: "plugins/opendistro_security/securityconfig/{{item}}"
+  with_items:
+    - internal_users.yml
+    - config.yml
+    - roles_mapping.yml
+
+
+- name: Start opensearch
+  remote_user: root
+  command: "supervisorctl start opensearch"
+
+- name: Wait for OpenSearch
+  remote_user: root
+  wait_for:
+    host: "{{groups['opensearchescontainers'][0]}}"
+    port: 9200
+    state: started
+    delay: 5
+
+#- name: Configure Opensearch security
+#  remote_user: opensearch
+#  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['opensearchescontainers'][0]}} -cd /usr/share/opensearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/opensearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/opensearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
+#  when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname"
+
+- name: Set Autostart for supervisord's services
+  remote_user: root
+  replace:
+    path: /etc/supervisord.conf
+    regexp: '^autostart=false$'
+    replace: 'autostart=true'
+
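Review bot: Both `Change password for ...` tasks pass the cleartext password to `hash.sh -p` on the command line without `no_log: true`, so it appears in the registered result and in Ansible's task output, and is visible in the process list while the script runs. Add `no_log: true` to both tasks; if the installed `hash.sh` can take the password from the environment or stdin instead of `-p`, that would be preferable (not verifiable from this hunk). The leading `OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk` will also not work with the `command` module, which does not go through a shell and treats the first word as the executable; move it to an `environment:` key with `OPENSEARCH_JAVA_HOME: /opt/opensearch/jdk`. The paths are inconsistent as well: the admin task calls `./plugins/opensearch-security/tools/hash.sh` while the cortex task and the security-config `dest` still use `plugins/opendistro_security/...`, and `opensearch.yml`, `jvm.options` and `log4j2.properties` are written to `config/opensearch-security/` where `update-config.yml` in the same role writes them to `config/`.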
diff --git a/roles/odfees/tasks/main.yml b/roles/opensearches/tasks/main.yml
similarity index 100%
rename from roles/odfees/tasks/main.yml
rename to roles/opensearches/tasks/main.yml
diff --git a/roles/odfees/tasks/restart.yml b/roles/opensearches/tasks/restart.yml
similarity index 65%
rename from roles/odfees/tasks/restart.yml
rename to roles/opensearches/tasks/restart.yml
index 130f200cb0e139f54001e92ebb0bff025e803136..2d807326d01e9ace244af6d421632492ad505cc4 100644
--- a/roles/odfees/tasks/restart.yml
+++ b/roles/opensearches/tasks/restart.yml
@@ -2,12 +2,12 @@
 
 - name: Restart OpenDistro for Elasticsearch
   remote_user: root
-  command: "supervisorctl restart odfe"
+  command: "supervisorctl restart opensearch"
 
 - name: Wait for ElasticSearch
   remote_user: root
   wait_for:
-    host: "{{groups['odfeescontainers'][0]}}"
+    host: "{{groups['opensearchescontainers'][0]}}"
     port: 9200
     state: started
     delay: 5
diff --git a/roles/opensearches/tasks/start.yml b/roles/opensearches/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..78f5e901d3edee18758108ceb567152d86dbbe35
--- /dev/null
+++ b/roles/opensearches/tasks/start.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Start OpenDistro for Opensearch
+  remote_user: root
+  command: "supervisorctl start opensearch"
+
+- name: Wait for OpenSearch
+  remote_user: root
+  wait_for:
+    host: "{{groups['opensearchescontainers'][0]}}"
+    port: 9200
+    state: started
+    delay: 5
+
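Review bot: The `wait_for` task checks port 9200 on `groups['opensearchescontainers'][0]` rather than on the node that was just started, so on every host other than the first it succeeds as soon as the first node is up. If the play runs on all members of the group (the play itself is outside this hunk), `host: "{{inventory_hostname}}"` would wait for the local node instead. The same pattern is in `init.yml` and `restart.yml`. The task name `Start OpenDistro for Opensearch` could simply read `Start OpenSearch`.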
diff --git a/roles/opensearches/tasks/stop.yml b/roles/opensearches/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ef215d3c810bfbb1609efe9c38748718e590ec36
--- /dev/null
+++ b/roles/opensearches/tasks/stop.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Stop OpenDistro for Opensearch
+  remote_user: root
+  command: "supervisorctl stop opensearch"
+
diff --git a/roles/opensearches/tasks/update-config.yml b/roles/opensearches/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3d4e50310de4464eaa73f031d86d8e80d77aef48
--- /dev/null
+++ b/roles/opensearches/tasks/update-config.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Configure opensearch properties
+  remote_user: opensearch
+  template:
+    src: "config/{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - opensearch.yml
+    - jvm.options
+    - log4j2.properties
+
+- name: Configure opensearch_security properties
+  remote_user: opensearch
+  template:
+    src: "securityconfig/{{item}}.j2"
+    dest: "config/opensearch-security/{{item}}"
+  with_items:
+    - internal_users.yml
+    - config.yml
+    - roles_mapping.yml
+
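Review bot: The first task resolves `src: "config/{{item}}.j2"` to `config/opensearch.yml.j2`, but the template this commit adds under `roles/opensearches/templates/config/` is named `elasticsearch.yml.j2`. Unless an `opensearch.yml.j2` exists elsewhere in the role (not visible here), the task fails at template lookup; renaming the new template to `opensearch.yml.j2` would resolve it. `init.yml` uses the same `src` and is affected in the same way.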
diff --git a/roles/opensearches/templates/config/elasticsearch.yml.j2 b/roles/opensearches/templates/config/elasticsearch.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1b487fb8f8abad32933fb687017d87e87a3aa150
--- /dev/null
+++ b/roles/opensearches/templates/config/elasticsearch.yml.j2
@@ -0,0 +1,56 @@
+cluster.name: "soctools-cluster"
+path.logs: /opt/opensearch/logs
+network.host: {{ inventory_hostname }}
+http.port: 9200
+transport.port: 9300
+
+discovery.seed_hosts:
+{% for opensearches in groups['opensearchescontainers'] %}
+  - {{ opensearches }}
+{% endfor %}
+
+cluster.initial_master_nodes:
+{% for opensearches in groups['opensearchescontainers'] %}
+  - {{ opensearches }}
+{% endfor %}
+
+cluster.initial_cluster_manager_nodes:
+{% for opensearches in groups['opensearchescontainers'] %}
+  - {{ opensearches }}
+{% endfor %}
+
+plugins.security.ssl.transport.keystore_type: pkcs12
+plugins.security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
+plugins.security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+
+plugins.security.ssl.transport.truststore_type: jks
+plugins.security.ssl.transport.truststore_filepath: cacerts.jks
+plugins.security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+plugins.security.ssl.transport.enforce_hostname_verification: false
+
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.http.keystore_type: pkcs12
+plugins.security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
+plugins.security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+plugins.security.ssl.http.truststore_type: jks
+plugins.security.ssl.http.truststore_filepath: cacerts.jks
+plugins.security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+
+plugins.security.allow_unsafe_democertificates: true
+plugins.security.allow_default_init_securityindex: true
+
+plugins.security.authcz.admin_dn:
+  - "{{soctools_users[0].DN}}"
+
+plugins.security.nodes_dn:
+{% for opensearches in groups['opensearchescontainers'] %}
+  - "CN={{ opensearches }}"
+{% endfor %}
+
+plugins.security.audit.type: internal_opensearch
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+node.max_local_storage_nodes: 3
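Review bot: `plugins.security.allow_unsafe_democertificates: true` lets a node start with the publicly known demo certificates, which should not be needed here because the role installs its own `{{ inventory_hostname }}.p12` keystore and `cacerts.jks`; set it to `false`. `plugins.security.ssl.transport.enforce_hostname_verification: false` likewise weakens node-to-node TLS; since `plugins.security.nodes_dn` lists `CN=<host>` per node, the certificates appear to carry the host names, so verification can probably stay enabled. The file also sets both `cluster.initial_master_nodes` and `cluster.initial_cluster_manager_nodes`, the old and new name of the same setting; depending on the OpenSearch version, setting both may be rejected at startup, so keep only one.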
diff --git a/roles/opensearches/templates/config/jvm.options.j2 b/roles/opensearches/templates/config/jvm.options.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e8d95ab5ab8b4885c08d6e0f5f8a9873b9bfe51
--- /dev/null
+++ b/roles/opensearches/templates/config/jvm.options.j2
@@ -0,0 +1,86 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://opensearch.org/docs/opensearch/install/important-settings/
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms{{openserach_javamem}}
+-Xmx{{openserach_javamem}}
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+8-10:-XX:+UseConcMarkSweepGC
+8-10:-XX:CMSInitiatingOccupancyFraction=75
+8-10:-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1 GC is only supported on JDK version 10 or later
+# to use G1GC, uncomment the next two lines and update the version on the
+# following three lines to your version of the JDK
+# 10:-XX:-UseConcMarkSweepGC
+# 10:-XX:-UseCMSInitiatingOccupancyOnly
+11-:-XX:+UseG1GC
+11-:-XX:G1ReservePercent=25
+11-:-XX:InitiatingHeapOccupancyPercent=30
+
+## JVM temporary directory
+-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=data
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=logs/hs_err_pid%p.log
+
+## JDK 8 GC logging
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:logs/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+
+# Explicitly allow security manager (https://bugs.openjdk.java.net/browse/JDK-8270380)
+18-:-Djava.security.manager=allow
+
+## OpenSearch Performance Analyzer
+-Dclk.tck=100
+-Djdk.attach.allowAttachSelf=true
+-Djava.security.policy=/opt/opensearch-2.3.0/config/opensearch-performance-analyzer/opensearch_security.policy
+--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED
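Review bot: `-Djava.security.policy=/opt/opensearch-2.3.0/config/opensearch-performance-analyzer/opensearch_security.policy` pins a versioned install directory, whereas the rest of the role uses `/opt/opensearch/` (for example `/opt/opensearch/jdk` in `init.yml`). Unless that directory exists or is symlinked, the policy file will not be found, and the line breaks on the next version bump; use `/opt/opensearch/config/opensearch-performance-analyzer/opensearch_security.policy` or a role variable. The heap variable is spelled `openserach_javamem` on both the `-Xms` and `-Xmx` lines; if the role's vars define `opensearch_javamem`, rendering fails with an undefined variable, so check the spelling against the defaults (not visible here).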
diff --git a/roles/opensearches/templates/config/log4j2.properties.j2 b/roles/opensearches/templates/config/log4j2.properties.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bb27aaf2e22e6fba3536773d285f4ac0c78b67fa
--- /dev/null
+++ b/roles/opensearches/templates/config/log4j2.properties.j2
@@ -0,0 +1,234 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+#
+# Modifications Copyright OpenSearch Contributors. See
+# GitHub history for details.
+#
+
+status = error
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+######## Server JSON ############################
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_server.json
+appender.rolling.filePermissions = rw-r-----
+appender.rolling.layout.type = OpenSearchJsonLayout
+appender.rolling.layout.type_name = server
+
+appender.rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling.policies.size.size = 128MB
+appender.rolling.strategy.type = DefaultRolloverStrategy
+appender.rolling.strategy.fileIndex = nomax
+appender.rolling.strategy.action.type = Delete
+appender.rolling.strategy.action.basepath = ${sys:opensearch.logs.base_path}
+appender.rolling.strategy.action.condition.type = IfFileName
+appender.rolling.strategy.action.condition.glob = ${sys:opensearch.logs.cluster_name}-*
+appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
+appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
+################################################
+######## Server -  old style pattern ###########
+appender.rolling_old.type = RollingFile
+appender.rolling_old.name = rolling_old
+appender.rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}.log
+appender.rolling_old.filePermissions = rw-r-----
+appender.rolling_old.layout.type = PatternLayout
+appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
+appender.rolling_old.policies.type = Policies
+appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling_old.policies.time.interval = 1
+appender.rolling_old.policies.time.modulate = true
+appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling_old.policies.size.size = 128MB
+appender.rolling_old.strategy.type = DefaultRolloverStrategy
+appender.rolling_old.strategy.fileIndex = nomax
+appender.rolling_old.strategy.action.type = Delete
+appender.rolling_old.strategy.action.basepath = ${sys:opensearch.logs.base_path}
+appender.rolling_old.strategy.action.condition.type = IfFileName
+appender.rolling_old.strategy.action.condition.glob = ${sys:opensearch.logs.cluster_name}-*
+appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
+appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB
+################################################
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+rootLogger.appenderRef.rolling_old.ref = rolling_old
+
+######## Deprecation JSON #######################
+appender.deprecation_rolling.type = RollingFile
+appender.deprecation_rolling.name = deprecation_rolling
+appender.deprecation_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation.json
+appender.deprecation_rolling.filePermissions = rw-r-----
+appender.deprecation_rolling.layout.type = OpenSearchJsonLayout
+appender.deprecation_rolling.layout.type_name = deprecation
+appender.deprecation_rolling.layout.opensearchmessagefields=x-opaque-id
+appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter
+
+appender.deprecation_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation-%i.json.gz
+appender.deprecation_rolling.policies.type = Policies
+appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.deprecation_rolling.policies.size.size = 1GB
+appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling.strategy.max = 4
+
+appender.header_warning.type = HeaderWarningAppender
+appender.header_warning.name = header_warning
+#################################################
+######## Deprecation -  old style pattern #######
+appender.deprecation_rolling_old.type = RollingFile
+appender.deprecation_rolling_old.name = deprecation_rolling_old
+appender.deprecation_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_deprecation.log
+appender.deprecation_rolling_old.filePermissions = rw-r-----
+appender.deprecation_rolling_old.layout.type = PatternLayout
+appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.deprecation_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _deprecation-%i.log.gz
+appender.deprecation_rolling_old.policies.type = Policies
+appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.deprecation_rolling_old.policies.size.size = 1GB
+appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling_old.strategy.max = 4
+#################################################
+logger.deprecation.name = org.opensearch.deprecation
+logger.deprecation.level = deprecation
+logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old
+logger.deprecation.appenderRef.header_warning.ref = header_warning
+logger.deprecation.additivity = false
+
+######## Search slowlog JSON ####################
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs\
+  .cluster_name}_index_search_slowlog.json
+appender.index_search_slowlog_rolling.filePermissions = rw-r-----
+appender.index_search_slowlog_rolling.layout.type = OpenSearchJsonLayout
+appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog
+appender.index_search_slowlog_rolling.layout.opensearchmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id
+
+appender.index_search_slowlog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs\
+  .cluster_name}_index_search_slowlog-%i.json.gz
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.size.size = 1GB
+appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling.strategy.max = 4
+#################################################
+######## Search slowlog -  old style pattern ####
+appender.index_search_slowlog_rolling_old.type = RollingFile
+appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old
+appender.index_search_slowlog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_search_slowlog.log
+appender.index_search_slowlog_rolling_old.filePermissions = rw-r-----
+appender.index_search_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_search_slowlog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_search_slowlog-%i.log.gz
+appender.index_search_slowlog_rolling_old.policies.type = Policies
+appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_search_slowlog_rolling_old.strategy.max = 4
+#################################################
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old
+logger.index_search_slowlog_rolling.additivity = false
+
+######## Indexing slowlog JSON ##################
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_indexing_slowlog.json
+appender.index_indexing_slowlog_rolling.filePermissions = rw-r-----
+appender.index_indexing_slowlog_rolling.layout.type = OpenSearchJsonLayout
+appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog
+appender.index_indexing_slowlog_rolling.layout.opensearchmessagefields=message,took,took_millis,doc_type,id,routing,source
+
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_indexing_slowlog-%i.json.gz
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling.strategy.max = 4
+#################################################
+######## Indexing slowlog -  old style pattern ##
+appender.index_indexing_slowlog_rolling_old.type = RollingFile
+appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old
+appender.index_indexing_slowlog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling_old.filePermissions = rw-r-----
+appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}\
+  _index_indexing_slowlog-%i.log.gz
+appender.index_indexing_slowlog_rolling_old.policies.type = Policies
+appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB
+appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.index_indexing_slowlog_rolling_old.strategy.max = 4
+#################################################
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old
+logger.index_indexing_slowlog.additivity = false
+
+######## Task details log JSON ####################
+appender.task_detailslog_rolling.type = RollingFile
+appender.task_detailslog_rolling.name = task_detailslog_rolling
+appender.task_detailslog_rolling.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog.json
+appender.task_detailslog_rolling.filePermissions = rw-r-----
+appender.task_detailslog_rolling.layout.type = OpenSearchJsonLayout
+appender.task_detailslog_rolling.layout.type_name = task_detailslog
+appender.task_detailslog_rolling.layout.opensearchmessagefields=taskId,type,action,description,start_time_millis,resource_stats,metadata
+
+appender.task_detailslog_rolling.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog-%i.json.gz
+appender.task_detailslog_rolling.policies.type = Policies
+appender.task_detailslog_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.task_detailslog_rolling.policies.size.size = 1GB
+appender.task_detailslog_rolling.strategy.type = DefaultRolloverStrategy
+appender.task_detailslog_rolling.strategy.max = 4
+#################################################
+######## Task details log -  old style pattern ####
+appender.task_detailslog_rolling_old.type = RollingFile
+appender.task_detailslog_rolling_old.name = task_detailslog_rolling_old
+appender.task_detailslog_rolling_old.fileName = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog.log
+appender.task_detailslog_rolling_old.filePermissions = rw-r-----
+appender.task_detailslog_rolling_old.layout.type = PatternLayout
+appender.task_detailslog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n
+
+appender.task_detailslog_rolling_old.filePattern = ${sys:opensearch.logs.base_path}${sys:file.separator}${sys:opensearch.logs.cluster_name}_task_detailslog-%i.log.gz
+appender.task_detailslog_rolling_old.policies.type = Policies
+appender.task_detailslog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy
+appender.task_detailslog_rolling_old.policies.size.size = 1GB
+appender.task_detailslog_rolling_old.strategy.type = DefaultRolloverStrategy
+appender.task_detailslog_rolling_old.strategy.max = 4
+#################################################
+logger.task_detailslog_rolling.name = task.detailslog
+logger.task_detailslog_rolling.level = trace
+logger.task_detailslog_rolling.appenderRef.task_detailslog_rolling.ref = task_detailslog_rolling
+logger.task_detailslog_rolling.appenderRef.task_detailslog_rolling_old.ref = task_detailslog_rolling_old
+logger.task_detailslog_rolling.additivity = false
diff --git a/roles/odfees/templates/securityconfig/action_groups.yml b/roles/opensearches/templates/securityconfig/action_groups.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/action_groups.yml
rename to roles/opensearches/templates/securityconfig/action_groups.yml
diff --git a/roles/odfees/templates/securityconfig/config.yml.j2 b/roles/opensearches/templates/securityconfig/config.yml.j2
similarity index 98%
rename from roles/odfees/templates/securityconfig/config.yml.j2
rename to roles/opensearches/templates/securityconfig/config.yml.j2
index 49368676333bb6153b32e988dcd9bd60764426b2..f4449c962c961b554359ff27938c2bf8d9f50b1f 100644
--- a/roles/odfees/templates/securityconfig/config.yml.j2
+++ b/roles/opensearches/templates/securityconfig/config.yml.j2
@@ -1,6 +1,6 @@
 ---
 
-# This is the main Open Distro Security configuration file where authentication
+# This is the main OpenSearch Security configuration file where authentication
 # and authorization is defined.
 #
 # You need to configure at least one authentication domain in the authc of this file.
@@ -114,12 +114,12 @@ config:
           type: openid
           challenge: false
           config:
-            subject_key: {{openid_subjkey}} 
+            subject_key: {{openid_subjkey}}
             roles_key: roles
             openid_connect_url: https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration
             enable_ssl: true
             verify_hostnames: false
-            pemtrustedcas_filepath: "/usr/share/elasticsearch/config/{{ca_cn}}.crt"
+            pemtrustedcas_filepath: "/opt/opensearch/config/{{ca_cn}}.crt"
         authentication_backend:
           type: noop
       proxy_auth_domain:
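Review bot: `verify_hostnames: false` stays in the openid `config:` block right next to the updated `pemtrustedcas_filepath`, so the OpenID Connect endpoint's certificate is checked against the CA but not against the host name in `openid_connect_url`. Since the commit is already touching these TLS settings, consider `verify_hostnames: true`, assuming the certificate issued for `{{soctoolsproxy}}` carries that name as a SAN. The rewritten `subject_key: {{openid_subjkey}}` line is also unquoted; `subject_key: "{{openid_subjkey}}"` keeps an empty or special-character value from changing the YAML type after rendering. The enclosing authentication domain starts outside the hunk.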
diff --git a/roles/odfees/templates/securityconfig/elasticsearch.yml.example b/roles/opensearches/templates/securityconfig/elasticsearch.yml.example
similarity index 100%
rename from roles/odfees/templates/securityconfig/elasticsearch.yml.example
rename to roles/opensearches/templates/securityconfig/elasticsearch.yml.example
diff --git a/roles/odfees/templates/securityconfig/internal_users.yml.j2 b/roles/opensearches/templates/securityconfig/internal_users.yml.j2
similarity index 66%
rename from roles/odfees/templates/securityconfig/internal_users.yml.j2
rename to roles/opensearches/templates/securityconfig/internal_users.yml.j2
index 8b16954ae73b49503bbf0f03e6c7b53f2bfa9675..2d35e93a638062e86c563065916d99373b901517 100644
--- a/roles/odfees/templates/securityconfig/internal_users.yml.j2
+++ b/roles/opensearches/templates/securityconfig/internal_users.yml.j2
@@ -23,13 +23,20 @@ cortex:
   backend_roles:
   - "admin"
 #  - "own_index"
-#  - "readall"
-  description: "Cortex user"
+#  #  - "readall"
+#    description: "Cortex user"
+
+anomalyadmin:
+  hash: "$2y$12$TRwAAJgnNo67w3rVUz4FIeLx9Dy/llB79zf9I15CKJ9vkM4ZzAd3."
+  reserved: false
+  opendistro_security_roles:
+  - "anomaly_full_access"
+  description: "Demo anomaly admin user, using internal role"
 
 kibanaserver:
   hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
   reserved: true
-  description: "Demo kibanaserver user"
+  description: "Demo OpenSearch Dashboards user"
 
 kibanaro:
   hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
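Review bot: The added `anomalyadmin` entry commits a fixed bcrypt `hash` for an account described as a demo user and grants it `anomaly_full_access`; if this hash comes from the upstream demo configuration, its password is publicly known. Either drop the account or render the hash from a generated secret, the way other credentials in this repo are read from `secrets/passwords/`. The hunk does not show whether a later task replaces it. The same hunk also turns `description: "Cortex user"` into `#    description: "Cortex user"` and double-comments `#  #  - "readall"`, which looks accidental. Restore `  description: "Cortex user"` if the description was not meant to be dropped.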
@@ -41,25 +48,25 @@ kibanaro:
     attribute1: "value1"
     attribute2: "value2"
     attribute3: "value3"
-  description: "Demo kibanaro user"
+  description: "Demo OpenSearch Dashboards read only user, using external role mapping"
 
 logstash:
   hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
   reserved: false
   backend_roles:
   - "logstash"
-  description: "Demo logstash user"
+  description: "Demo logstash user, using external role mapping"
 
 readall:
   hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
   reserved: false
   backend_roles:
   - "readall"
-  description: "Demo readall user"
+  description: "Demo readall user, using external role mapping"
 
 snapshotrestore:
   hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
   reserved: false
   backend_roles:
   - "snapshotrestore"
-  description: "Demo snapshotrestore user"
+  description: "Demo snapshotrestore user, using external role mapping"
diff --git a/roles/odfees/templates/securityconfig/roles.yml b/roles/opensearches/templates/securityconfig/roles.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/roles.yml
rename to roles/opensearches/templates/securityconfig/roles.yml
diff --git a/roles/odfees/templates/securityconfig/roles_mapping.yml.j2 b/roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
similarity index 83%
rename from roles/odfees/templates/securityconfig/roles_mapping.yml.j2
rename to roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
index e044f14621d63c43a135c56ce3cd6883939ebc8e..dd80b581a4a35c7365ac287e5e9257db4b62d04b 100644
--- a/roles/odfees/templates/securityconfig/roles_mapping.yml.j2
+++ b/roles/opensearches/templates/securityconfig/roles_mapping.yml.j2
@@ -1,6 +1,6 @@
 ---
-# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
-# Permissions for Opendistro roles are configured in roles.yml
+# In this file users, backendroles and hosts can be mapped to Security roles.
+# Permissions for OpenSearch roles are configured in roles.yml
 
 _meta:
   type: "rolesmapping"
diff --git a/roles/odfees/templates/securityconfig/tenants.yml b/roles/opensearches/templates/securityconfig/tenants.yml
similarity index 100%
rename from roles/odfees/templates/securityconfig/tenants.yml
rename to roles/opensearches/templates/securityconfig/tenants.yml
diff --git a/roles/odfekibana/vars/main.yml b/roles/opensearches/vars/main.yml
similarity index 100%
rename from roles/odfekibana/vars/main.yml
rename to roles/opensearches/vars/main.yml
diff --git a/soctools.yml b/soctools.yml
index 4636ad1cde4f44f262b00adbdd3bbc03afb35a4d..f8391c1ff4409a51c1f265a3ac3f1a48630902a0 100644
--- a/soctools.yml
+++ b/soctools.yml
@@ -10,19 +10,19 @@
 
 - name: Start soctools cluster
   import_playbook: startsoctools.yml
-  when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-odfees' in ansible_run_tags or 'start-odfekibana' in ansible_run_tags"
+  when: "'start' in ansible_run_tags or 'config' in ansible_run_tags or 'start-thehive' in ansible_run_tags or 'start-keycloak' in ansible_run_tags or 'start-cortex' in ansible_run_tags or 'start-haproxy' in ansible_run_tags or 'start-cassandra' in ansible_run_tags or 'start-filebeat' in ansible_run_tags or 'start-misp' in ansible_run_tags or 'start-mysql' in ansible_run_tags or 'start-nifi' in ansible_run_tags or 'start-opensearches' in ansible_run_tags or 'start-opensearch-dashboards' in ansible_run_tags"
 
 - name: Stop soctools cluster
   import_playbook: stopsoctools.yml
-  when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-odfees' in ansible_run_tags or 'stop-odfekibana' in ansible_run_tags"
+  when: "'stop' in ansible_run_tags or 'stop-thehive' in ansible_run_tags or 'stop-keycloak' in ansible_run_tags or 'stop-cortex' in ansible_run_tags or 'stop-haproxy' in ansible_run_tags or 'stop-cassandra' in ansible_run_tags or 'stop-filebeat' in ansible_run_tags or 'stop-misp' in ansible_run_tags or 'stop-mysql' in ansible_run_tags or 'stop-nifi' in ansible_run_tags or 'stop-opensearches' in ansible_run_tags or 'stop-opensearch-dashboards' in ansible_run_tags"
 
 - name: Update soctools cluster configs
   import_playbook: update-config-soctools.yml
-  when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-odfees-config' in ansible_run_tags or 'update-odfekibana-config' in ansible_run_tags"
+  when: "'update-config' in ansible_run_tags or 'update-keycloak-config' in ansible_run_tags or 'update-thehive-config' in ansible_run_tags or 'update-cortex-config' in ansible_run_tags or 'update-haproxy-config-acl' in ansible_run_tags or 'update-cassandra-config' in ansible_run_tags or 'update-filebeat-config' in ansible_run_tags or 'update-misp-config' in ansible_run_tags or 'update-mysql-config' in ansible_run_tags or 'update-nifi-config' in ansible_run_tags or 'update-opensearches-config' in ansible_run_tags or 'update-opensearch-dashboards-config' in ansible_run_tags"
 
 - name: restart soctools cluster servics
   import_playbook: restart-soctools.yml
-  when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags"
+  when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-opensearches' in ansible_run_tags or 'restart-opensearch-dashboards' in ansible_run_tags"
 
 - name: create thehive users
   import_playbook: create-thehive-users.yml
diff --git a/startsoctools.yml b/startsoctools.yml
index 2549876244bc4783a447f474c7a2a13a2a6c0313..a0cc41a02357d71ca487104e15e926c2bf427df6 100644
--- a/startsoctools.yml
+++ b/startsoctools.yml
@@ -40,13 +40,13 @@
   roles:
     - cortex
 
-- name: Start OpenDistro for Elasticsearch
-  hosts: odfeescontainers
+- name: Start Opensearch
+  hosts: opensearchescontainers
   roles:
-    - odfees
+    - opensearches
 
-- name: Start OpenDistro Kibana for Elasticsearch
-  hosts: odfekibanacontainers
+- name: Start Opensearch Kibana
+  hosts: opensearchdashboardscontainers
   roles:
-    - odfekibana
+    - opensearch-dashboards
 
diff --git a/stopsoctools.yml b/stopsoctools.yml
index 8d28f6ed69ef08c23a008b8c36c653f811ec5783..e50ada3c82bc02ffb7b9ec0aea2916d679e4899f 100644
--- a/stopsoctools.yml
+++ b/stopsoctools.yml
@@ -45,12 +45,12 @@
   roles:
     - cortex
 
-- name: Stop OpenDistro for Elasticsearch
-  hosts: odfeescontainers
+- name: Stop Opensearch
+  hosts: opensearchescontainers
   roles:
-    - odfees
+    - opensearches
 
-- name: Stop OpenDistro Kibana for Elasticsearch
-  hosts: odfekibanacontainers
+- name: Stop Opensearch
+  hosts: opensearchdashboardscontainers
   roles:
-    - odfekibana
+    - opensearch-dashboards
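Review bot: The second play is now named `Stop Opensearch`, identical to the play above it, although it targets `opensearchdashboardscontainers` and runs the `opensearch-dashboards` role, so the two are indistinguishable in playbook output. Suggest `- name: Stop OpenSearch Dashboards`. The matching plays in startsoctools.yml and update-config-soctools.yml are named `Start Opensearch Kibana` and `Update Configs for Opensearch Kibana`; `OpenSearch Dashboards` would match the role name there as well.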
diff --git a/update-config-soctools.yml b/update-config-soctools.yml
index 138f664fee2eb1a9d882a7ebf0b8f9e390bb1e72..742adee110d2637265b1bca12cd21bc9aed8f28f 100644
--- a/update-config-soctools.yml
+++ b/update-config-soctools.yml
@@ -25,15 +25,15 @@
   roles:
     - nifi
 
-- name: Update Configs for OpenDistro for Elasticsearch
-  hosts: odfeescontainers
+- name: Update Configs for Opensearch
+  hosts: opensearchescontainers
   roles:
-    - odfees
+    - opensearches
 
-- name: Update Configs for OpenDistro Kibana for Elasticsearch
-  hosts: odfekibanacontainers
+- name: Update Configs for Opensearch Kibana
+  hosts: opensearchdashboardscontainers
   roles:
-    - odfekibana
+    - opensearch-dashboards
 
 - name: Update Configs for MISP
   hosts: mispcontainers
diff --git a/utils/flow2template.py b/utils/flow2template.py
index b2018328c6ccf5d7c53bf75645c3f44122cc4ba2..3a6f1fe83f34afcd67d67c84de0fd3ab06e3ca39 100755
--- a/utils/flow2template.py
+++ b/utils/flow2template.py
@@ -23,7 +23,7 @@ for v in et.findall(".//variable"):
     elif a['name']=="elastic_username":
         a['value']="{{ elastic_username }}"
     elif a['name']=="elastic_password":
-        a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
+        a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}"
 
 for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"):
     v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"