diff --git a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
index ef2a4768f809d02b8320cb90963ea701cbddec16..05a1c40b3ac3cb718e524cef5225102e7ece1e55 100644
--- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
@@ -1,6 +1,6 @@
 FROM {{repo}}/centos:{{version}}{{suffix}}
 
-RUN yum install -y supervisor
+RUN yum install -y supervisor rsync
 RUN yum clean all
 
 ENV PATH="/usr/share/kibana/bin:${PATH}"
diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml
index 2ff94161ae43e6bd3a7e7ccaee3cbe1098995eff..1662efd600ad1a43e47bc3c40acb09fe69599dda 100644
--- a/roles/odfekibana/tasks/main.yml
+++ b/roles/odfekibana/tasks/main.yml
@@ -1,215 +1,17 @@
 ---
 
-#- name: Create config directory
-#  file:
-#    name: config
-#    state: directory
-#    mode: 0700
-#  tags:
-#    - start
-
-- name: Copy cacert to ca-trust dir
-  remote_user: root
-  copy:
-    src: "{{playbook_dir}}/secrets/CA/ca.crt"
-    dest: /etc/pki/ca-trust/source/anchors/ca.crt
-  tags:
-    - start
-
-- name: Install cacert to root truststore
-  remote_user: root
-  command: "update-ca-trust"
-  tags:
-    - start
-
-- name: Copy certificates in odfe kibana conf dir
-  remote_user: kibana
-  copy:
-    src:  "{{ item }}"
-    dest: "config/"
-    mode: 0600
-  with_items:
-    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
-    - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
-    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
-    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
-    - "{{playbook_dir}}/secrets/CA/ca.crt"
-    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
-  tags:
-    - start
-
-- name: Get openid authkey
-  remote_user: kibana
-  set_fact:
-    kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"
-  tags:
-    - start
-
-#- name: Configure sysconfig
-#  template:
-#    src: sysconfig_elasticsearch.j2
-#    dest: sysconfig_elasticsearch
-#  tags:
-#    - start
-#
-#- name: Copy sysconfig to /etc
-#  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
-#  tags: 
-#    - start
-
-#  lineinfile:
-#    path: /etc/sysconfig/elasticsearch
-#    regexp: '^ES_PATH_CONF='
-#    line: ES_PATH_CONF=/usr/share/elasticsearch/config
-#  tags:
-#    - start
-- name: Configure odfe kibana properties
-  remote_user: kibana
-  template:
-    src: "{{item}}.j2"
-    dest: "config/{{item}}"
-  with_items:
-    - kibana.yml
-  tags:
-    - start
-
-- name: Configure odfe kibana start script
-  remote_user: kibana
-  template:
-    src: "{{item}}.j2"
-    dest: "{{item}}"
-    mode: 0750
-  with_items:
-    - startkibana.sh
-  tags:
-    - start
-
-#- name: Exit here to test ODFE
-#  meta: end_play
-#  tags:
-#    - start
-
-
-- name: Generate configuration for thehive_button plugin
-  remote_user: kibana
-  template:
-    src: files/env.js.j2
-    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
-    owner: kibana
-    group: kibana
-  tags:
-    - start
-
-
-- name: Start Kibana
-  remote_user: root
-  shell: "supervisorctl start kibana"
-  tags:
-    - start
-
-- name: Wait for Kibana
-  remote_user: kibana
-  wait_for:
-    host: "{{groups['odfekibanacontainers'][0]}}"
-    port: 5601
-    state: started
-    delay: 5
-  tags:
-    - start
-
-- name: Check Kibana health
-  remote_user: kibana
-  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
-              | egrep status....overall....state...green'
-  register: result
-  until: result.rc == 0
-  retries: 90
-  delay: 2
-  ignore_errors: yes
-  tags:
-    - start
-
-#- name: Copy tenant.json to container
-#  remote_user: kibana
-#  copy:
-#    src: "files/tenant.json"
-#    dest: /tmp/tenant.json
-#  tags:
-#    - start
-#
-#- name: change tenant to global
-#  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \
-#         -b /tmp/cookie.txt -c /tmp/cookie.txt \
-#         -k --user admin:{{ odfees_adminpass }} \
-#         -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
-#         -d @/tmp/tenant.json'
-#  tags:
-#    - start
-
-- name: Copy kibana_graphs.ndjson to container
-  remote_user: kibana
-  copy:
-    src: "files/kibana_graphs.ndjson"
-    dest: /tmp/kibana_graphs.ndjson
-  tags:
-    - start
-
-- name: Import graphs to kibana
-  remote_user: kibana
-  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
-          -b /tmp/cookie.txt -c /tmp/cookie.txt \
-          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
-          -F "file=@/tmp/kibana_graphs.ndjson"'
+- include: start.yml
   tags:
-    - start
-
-- name: Copy role modification json to container
-  remote_user: kibana
-  template:
-    src: "role.json.j2"
-    dest: /tmp/role.json
+   - start
+- include: stop.yml
   tags:
-    - start
-
-- name: Grant admin permissions to users
-  remote_user: kibana
-  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
-          -b /tmp/cookie.txt -c /tmp/cookie.txt \
-          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
-          -d @/tmp/role.json'
+   - stop
+   - stop-odfekibana
+- include: update-config.yml
   tags:
-    - start
-
-#- name: cleanup temporary files for kibana_graph import
-#  shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json'
-#  ignore_errors: true
-#  tags:
-#    - start
-
-#- name: check reachable hosts
-#  gather_facts: no
-#  tasks:
-#    - command: ping -c1 {{ inventory_hostname }}
-#      delegate_to: localhost
-#      register: ping_result
-#      ignore_errors: yes
-#    - group_by: key=reachable
-#      when: ping_result|success
-
-#- name: Stop OpenDistro Kibana for Elasticsearch
-#  command: "pkill -SIGTERM -F {{inventory_hostname}}.pid"
-#  tags:
-#    - stop
-
-- name: Set Autostart for supervisord's services
-  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
-  tags:
-    - start
-
-- name: Stop OpenDistro Kibana for Elasticsearch
-  remote_user: root
-  command: "supervisorctl stop kibana"
+   - update-config
+   - update-odfekibana-config
+- include: restart.yml
   tags:
-    - stop
+   - restart
+   - restart-odfekibana
diff --git a/roles/odfekibana/tasks/restart.yml b/roles/odfekibana/tasks/restart.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7ef339035ddb769ec70ffad981b8a36959f735e1
--- /dev/null
+++ b/roles/odfekibana/tasks/restart.yml
@@ -0,0 +1,32 @@
+---
+
+- name: Restart Kibana
+  remote_user: root
+  shell: "supervisorctl restart kibana"
+
+- name: Wait for Kibana
+  remote_user: kibana
+  wait_for:
+    host: "{{groups['odfekibanacontainers'][0]}}"
+    port: 5601
+    state: started
+    delay: 5
+
+- name: Check Kibana health
+  remote_user: kibana
+  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
+              | egrep status....overall....state...green'
+  register: result
+  until: result.rc == 0
+  retries: 90
+  delay: 2
+  ignore_errors: yes
+
+- name: Import graphs to kibana
+  remote_user: kibana
+  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
+          -b /tmp/cookie.txt -c /tmp/cookie.txt \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
+          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
+          -F "file=@/tmp/kibana_graphs.ndjson"'
+
diff --git a/roles/odfekibana/tasks/start.yml b/roles/odfekibana/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..186a6a6c8effc0664dba8b6f72090aa932a7681a
--- /dev/null
+++ b/roles/odfekibana/tasks/start.yml
@@ -0,0 +1,166 @@
+---
+
+#- name: Create config directory
+#  file:
+#    name: config
+#    state: directory
+#    mode: 0700
+
+- name: Copy cacert to ca-trust dir
+  remote_user: root
+  copy:
+    src: "{{playbook_dir}}/secrets/CA/ca.crt"
+    dest: /etc/pki/ca-trust/source/anchors/ca.crt
+
+- name: Install cacert to root truststore
+  remote_user: root
+  command: "update-ca-trust"
+
+- name: Copy certificates in odfe kibana conf dir
+  remote_user: kibana
+  copy:
+    src:  "{{ item }}"
+    dest: "config/"
+    mode: 0600
+  with_items:
+    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
+    - "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
+    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
+    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
+    - "{{playbook_dir}}/secrets/CA/ca.crt"
+    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
+
+- name: Get openid authkey
+  remote_user: kibana
+  set_fact:
+    kibanasecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/kibanasecret',convert_data=False) | from_json }}"
+
+#- name: Configure sysconfig
+#  template:
+#    src: sysconfig_elasticsearch.j2
+#    dest: sysconfig_elasticsearch
+#
+#- name: Copy sysconfig to /etc
+#  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
+
+#  lineinfile:
+#    path: /etc/sysconfig/elasticsearch
+#    regexp: '^ES_PATH_CONF='
+#    line: ES_PATH_CONF=/usr/share/elasticsearch/config
+
+- name: Configure odfe kibana properties
+  remote_user: kibana
+  template:
+    src: "{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - kibana.yml
+
+- name: Configure odfe kibana start script
+  remote_user: kibana
+  template:
+    src: "{{item}}.j2"
+    dest: "{{item}}"
+    mode: 0750
+  with_items:
+    - startkibana.sh
+
+#- name: Exit here to test ODFE
+#  meta: end_play
+
+
+- name: Generate configuration for thehive_button plugin
+  remote_user: kibana
+  template:
+    src: files/env.js.j2
+    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
+    owner: kibana
+    group: kibana
+
+
+- name: Start Kibana
+  remote_user: root
+  shell: "supervisorctl start kibana"
+
+- name: Wait for Kibana
+  remote_user: kibana
+  wait_for:
+    host: "{{groups['odfekibanacontainers'][0]}}"
+    port: 5601
+    state: started
+    delay: 5
+
+- name: Check Kibana health
+  remote_user: kibana
+  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
+              | egrep status....overall....state...green'
+  register: result
+  until: result.rc == 0
+  retries: 90
+  delay: 2
+  ignore_errors: yes
+
+#- name: Copy tenant.json to container
+#  remote_user: kibana
+#  copy:
+#    src: "files/tenant.json"
+#    dest: /tmp/tenant.json
+#
+#- name: change tenant to global
+#  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/multitenancy/tenant" \
+#         -b /tmp/cookie.txt -c /tmp/cookie.txt \
+#         -k --user admin:{{ odfees_adminpass }} \
+#         -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+#         -d @/tmp/tenant.json'
+
+- name: Copy kibana_graphs.ndjson to container
+  remote_user: kibana
+  copy:
+    src: "files/kibana_graphs.ndjson"
+    dest: /tmp/kibana_graphs.ndjson
+
+- name: Import graphs to kibana
+  remote_user: kibana
+  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
+          -b /tmp/cookie.txt -c /tmp/cookie.txt \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
+          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
+          -F "file=@/tmp/kibana_graphs.ndjson"'
+
+- name: Copy role modification json to container
+  remote_user: kibana
+  template:
+    src: "role.json.j2"
+    dest: /tmp/role.json
+
+- name: Grant admin permissions to users
+  remote_user: kibana
+  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
+          -b /tmp/cookie.txt -c /tmp/cookie.txt \
+          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
+          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+          -d @/tmp/role.json'
+
+#- name: cleanup temporary files for kibana_graph import
+#  shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json'
+#  ignore_errors: true
+
+#- name: check reachable hosts
+#  gather_facts: no
+#  tasks:
+#    - command: ping -c1 {{ inventory_hostname }}
+#      delegate_to: localhost
+#      register: ping_result
+#      ignore_errors: yes
+#    - group_by: key=reachable
+#      when: ping_result|success
+
+#- name: Stop OpenDistro Kibana for Elasticsearch
+#  command: "pkill -SIGTERM -F {{inventory_hostname}}.pid"
+
+- name: Set Autostart for supervisord's services
+  replace:
+    path: /etc/supervisord.conf
+    regexp: '^autostart=false$'
+    replace: 'autostart=true'
+
diff --git a/roles/odfekibana/tasks/stop.yml b/roles/odfekibana/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2ab354a31339c1ee47c5d287277b9e25c6afa377
--- /dev/null
+++ b/roles/odfekibana/tasks/stop.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Stop OpenDistro Kibana for Elasticsearch
+  remote_user: root
+  command: "supervisorctl stop kibana"
diff --git a/roles/odfekibana/tasks/update-config.yml b/roles/odfekibana/tasks/update-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..779d95f971090d8575e3216bc1aa1179bee5eaae
--- /dev/null
+++ b/roles/odfekibana/tasks/update-config.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Configure odfe kibana properties
+  remote_user: kibana
+  template:
+    src: "{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - kibana.yml
+
+- name: Configure odfe kibana start script
+  remote_user: kibana
+  template:
+    src: "{{item}}.j2"
+    dest: "{{item}}"
+    mode: 0750
+  with_items:
+    - startkibana.sh
+
+- name: Generate configuration for thehive_button plugin
+  remote_user: kibana
+  template:
+    src: files/env.js.j2
+    dest: "/usr/share/kibana/plugins/thehive_button/public/env.js"
+    owner: kibana
+    group: kibana
+
+
+- name: Copy kibana_graphs.ndjson to container
+  remote_user: kibana
+  copy:
+    src: "files/kibana_graphs.ndjson"
+    dest: /tmp/kibana_graphs.ndjson
+