diff --git a/README.md b/README.md
index 1be25fd4f0d088560c31dfe5368b4c31a6b10d72..0a3d6708fba768a0427b81279f29da47e09ec306 100644
--- a/README.md
+++ b/README.md
@@ -24,13 +24,13 @@ Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN
 The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.
 
 To configure the server running soctools, run the ansible playbook:  
-`ansible-playbook -i soctools-inventory soctools_server.yml`
+`ansible-playbook -i inventories soctools_server.yml`
 
 To build the Docker images needed, run the ansible playbook:  
-`ansible-playbook -i soctools-inventory buildimages.yml`
+`ansible-playbook -i inventories buildimages.yml`
 
 To build the CA needed for host and user certificates, run the ansible playbook:  
-`ansible-playbook -i soctools-inventory buildca.yml`
+`ansible-playbook -i inventories buildca.yml`
 
 If using soclab CA certificates provided with this installation, you first need to download and import root certificate found at roles/ca/files/CA/ca.crt. 
 For Windows, CA certificate should be installed in Trusted Root Certification Authorities store. 
@@ -39,10 +39,10 @@ User certificates are can be found in the directory roles/ca/files/CA/private. I
 For Windows, user certificate should be installed in Personal store. 
 
 To start the cluster, run the ansible playbook soctools.yml:  
-`ansible-playbook -i soctools-inventory soctools.yml -t start`
+`ansible-playbook -i inventories soctools.yml -t start`
 
 To stop the cluster, run the ansible playbook soctools.yml:  
-`ansible-playbook -i soctools-inventory soctools.yml -t stop`
+`ansible-playbook -i inventories soctools.yml -t stop`
 
 Web interfaces are available on the following ports:
  * 9443 - NiFi
diff --git a/inventories/build/group_vars/all.yml b/inventories/build/group_vars/all.yml
deleted file mode 100644
index 704323666712c480e383ad2c4bf695794b1c6cb0..0000000000000000000000000000000000000000
--- a/inventories/build/group_vars/all.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-docker_image_path: images
-base_image: python:2.7-stretch
diff --git a/inventories/build/hosts.yml b/inventories/build/hosts.yml
deleted file mode 100644
index 485463850c4bf51c14826fb6b13adbad2a1a18ed..0000000000000000000000000000000000000000
--- a/inventories/build/hosts.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-all:
-  hosts:
-    nifi-image:
-      ansible_connection: docker
-      ansible_python_interpreter: /usr/bin/python
-    localhost:
-      ansible_python_interpreter: /usr/bin/python
-      ansible_connection: local
-  children:
-    nifi:
-      hosts:
-        localhost:
diff --git a/inventories/cassandra b/inventories/cassandra
new file mode 100644
index 0000000000000000000000000000000000000000..82e7f1e6c1a8a8a4d16cd47bcdeb87158432657c
--- /dev/null
+++ b/inventories/cassandra
@@ -0,0 +1,2 @@
+[cassandra]
+dsoclab-cassandra ansible_connection=docker
diff --git a/inventories/cortex b/inventories/cortex
new file mode 100644
index 0000000000000000000000000000000000000000..aeedc48a40d42d256b5e644de5b90ea2680fef0c
--- /dev/null
+++ b/inventories/cortex
@@ -0,0 +1,2 @@
+[cortex]
+dsoclab-cortex ansible_connection=docker
diff --git a/inventories/deploy/group_vars/haproxy.yml b/inventories/deploy/group_vars/haproxy.yml
deleted file mode 100644
index b53d50d6b11f23d908ad3fe74b42e70f318e2119..0000000000000000000000000000000000000000
--- a/inventories/deploy/group_vars/haproxy.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-index: haproxy
-scale: "{{ haproxy_scale | default('1')}}"
-docker:
-  haproxy:
-    image: haproxy:latest
-    volumes:
-      - /usr/local/etc/haproxy/:/usr/local/etc/haproxy:ro
-    ports:
-      - "80:80"
-    source: pull
\ No newline at end of file
diff --git a/inventories/deploy/group_vars/nifi.yml b/inventories/deploy/group_vars/nifi.yml
deleted file mode 100644
index 5b718692a776eb9418de06d5c9bf18b8c1a5724b..0000000000000000000000000000000000000000
--- a/inventories/deploy/group_vars/nifi.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-index: nifi
-scale: "{{ nifi_scale | default('1')}}"
-docker:
-  nifi:
-#    image: nifi-soctools #For nifi image built by soctools
-#    source: load
-    image: apache/nifi:latest
-    source: pull
-    command: /opt/nifi/nifi-current/scripts/start.sh
-    env: 
-      NIFI_HOME: "/opt/nifi/nifi-current"
-      NIFI_LOG_DIR: "/opt/nifi/nifi-current/logs"
-      NIFI_PID_DIR: "/opt/nifi/nifi-current/run"
-      NIFI_CLUSTER_IS_NODE: "true"
-      NIFI_ZK_CONNECT_STRING: "zookeeper_1:2181"
-      NIFI_CLUSTER_NODE_PROTOCOL_PORT: "8082"
-      NIFI_ELECTION_MAX_WAIT: "1 min"
-    load_path: "{{ image_location }}/nifi-soctools.tar" 
diff --git a/inventories/deploy/group_vars/zookeeper.yml b/inventories/deploy/group_vars/zookeeper.yml
deleted file mode 100644
index 5604be8138d47975f9e1ed6fb075ebc27d392e13..0000000000000000000000000000000000000000
--- a/inventories/deploy/group_vars/zookeeper.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-index: zookeeper
-scale: "{{ zookeeper_scale | default('1')}}"
-docker:
-  zookeeper:
-    image: zookeeper:latest
-    source: pull
\ No newline at end of file
diff --git a/inventories/deploy/hosts.yml.example b/inventories/deploy/hosts.yml.example
deleted file mode 100644
index 7d85e5bdf3a5030bbfbd114016b78808000bcd73..0000000000000000000000000000000000000000
--- a/inventories/deploy/hosts.yml.example
+++ /dev/null
@@ -1,21 +0,0 @@
-all:
-  hosts:
-    host1:
-      ansible_ssh_user: debian
-      ansible_python_interpreter: /usr/bin/python
-      become: yes
-  children:
-    soctools_server:
-      hosts:
-        host1:
-    nifi:
-      hosts:
-        host1:
-          nifi_scale: 3
-    haproxy:
-      hosts:
-        host1:
-    zookeeper:
-      hosts:
-        host1:
-          zookeeper_scale: 3
\ No newline at end of file
diff --git a/inventories/elasticsearch b/inventories/elasticsearch
new file mode 100644
index 0000000000000000000000000000000000000000..5f4b7ded6cd315b35c574619cffdafe239fbb378
--- /dev/null
+++ b/inventories/elasticsearch
@@ -0,0 +1,3 @@
+[odfeescontainers]
+dsoclab-odfe-1 ansible_connection=docker
+dsoclab-odfe-2 ansible_connection=docker
diff --git a/inventories/filebeat b/inventories/filebeat
new file mode 100644
index 0000000000000000000000000000000000000000..eb6311630e164c21403ecf80e9390c49a629003b
--- /dev/null
+++ b/inventories/filebeat
@@ -0,0 +1,12 @@
+[filebeat]
+dsoclab-nifi-1 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi"
+dsoclab-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi"
+dsoclab-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi"
+#dsoclab-odfe-1 ansible_connection=docker FILEBEAT_FILES='[""]'
+#dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana"
+#dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql"
+#dsoclab-misp ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy"
+#dsoclab-zookeeper ansible_connection=docker FILEBEAT_FILES='[""]'
diff --git a/inventories/haproxy b/inventories/haproxy
new file mode 100644
index 0000000000000000000000000000000000000000..b8ea6a7a98ef1830a3c9e3325b9f222ca3479880
--- /dev/null
+++ b/inventories/haproxy
@@ -0,0 +1,2 @@
+[haproxy]
+dsoclab-haproxy ansible_connection=docker
\ No newline at end of file
diff --git a/inventories/keycloak b/inventories/keycloak
new file mode 100644
index 0000000000000000000000000000000000000000..c2746ec3f1e8691c5f153a526229ae9417a979f9
--- /dev/null
+++ b/inventories/keycloak
@@ -0,0 +1,2 @@
+[keycloakcontainers]
+dsoclab-keycloak ansible_connection=docker
diff --git a/inventories/kibana b/inventories/kibana
new file mode 100644
index 0000000000000000000000000000000000000000..557280d755934082c50d14f2afef5f35fcf63bf3
--- /dev/null
+++ b/inventories/kibana
@@ -0,0 +1,2 @@
+[odfekibanacontainers]
+dsoclab-kibana ansible_connection=docker
diff --git a/inventories/misp b/inventories/misp
new file mode 100644
index 0000000000000000000000000000000000000000..331506d27ba5decc558906ead132ad2539918ff5
--- /dev/null
+++ b/inventories/misp
@@ -0,0 +1,2 @@
+[mispcontainers]
+dsoclab-misp ansible_connection=docker
diff --git a/inventories/mysql b/inventories/mysql
new file mode 100644
index 0000000000000000000000000000000000000000..f9dcc2455a3a2f44f4c6c02f99503fa8e85500ec
--- /dev/null
+++ b/inventories/mysql
@@ -0,0 +1,2 @@
+[mysql]
+dsoclab-mysql ansible_connection=docker
\ No newline at end of file
diff --git a/inventories/nifi b/inventories/nifi
new file mode 100644
index 0000000000000000000000000000000000000000..e2c7ff18e58bbd5b70056bb6c43692807febe697
--- /dev/null
+++ b/inventories/nifi
@@ -0,0 +1,4 @@
+[nificontainers]
+dsoclab-nifi-1 ansible_connection=docker
+dsoclab-nifi-2 ansible_connection=docker
+dsoclab-nifi-3 ansible_connection=docker
diff --git a/inventories/soctools b/inventories/soctools
new file mode 100644
index 0000000000000000000000000000000000000000..71a2d973d4714863feb8fb76cfe341e0673e685b
--- /dev/null
+++ b/inventories/soctools
@@ -0,0 +1,2 @@
+[dsldev]
+localhost ansible_connection=local
diff --git a/inventories/thehive b/inventories/thehive
new file mode 100644
index 0000000000000000000000000000000000000000..e19556d6137d67cb17fc28fb5b3ca3be3f10488e
--- /dev/null
+++ b/inventories/thehive
@@ -0,0 +1,2 @@
+[thehive]
+dsoclab-thehive ansible_connection=docker