diff --git a/extra/elasticsearch.yml b/extra/elasticsearch.yml
new file mode 100644
index 0000000..6ad7cb0
--- /dev/null
+++ b/extra/elasticsearch.yml
@@ -0,0 +1,55 @@
+version: '3.7'
+
+services:
+
+  wazuh-elasticsearch:
+    image: amazon/opendistro-for-elasticsearch:1.12.0
+    hostname: elasticsearch
+    restart: unless-stopped
+    ports:
+      - "${MISTBORN_BIND_IP}:9200:9200"
+    environment:
+      - discovery.type=single-node
+      - cluster.name=wazuh-cluster
+      - network.host=0.0.0.0
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+    volumes:
+      - ../../mistborn_volumes/extra/elasticsearch/init/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+
+  wazuh-kibana:
+    image: wazuh/wazuh-kibana-odfe:4.1.2
+    hostname: wazuh-kibana
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wazuhk-http.rule=Host(`wazuh.mistborn`)"
+      - "traefik.http.routers.wazuhk-http.entrypoints=web"
+      - "traefik.http.routers.wazuhk-http.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.wazuhk-https.rule=Host(`wazuh.mistborn`)"
+      - "traefik.http.routers.wazuhk-https.entrypoints=websecure"
+      - "traefik.http.routers.wazuhk-https.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.wazuhk-https.tls.certresolver=basic"
+      - "traefik.http.services.wazuhk-service.loadbalancer.server.port=5601"
+    #ports:
+    # - "${MISTBORN_BIND_IP}:5601:5601"
+    depends_on:
+      - wazuh-elasticsearch
+    environment:
+      - SERVER_SSL_ENABLED=false
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
+      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
+    env_file:
+      - ../.envs/.production/.wazuh
+
+networks:
+  default:
+    external:
+      name: mistborn_default
diff --git a/extra/wazuh.yml b/extra/wazuh.yml
index f7df12a..b1bd859 100644
--- a/extra/wazuh.yml
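Review bot: The `wazuh-elasticsearch` service mounts only `internal_users.yml` and declares no volume for the index data under `/usr/share/elasticsearch/data`, so the indices presumably live in an anonymous container volume; together with the unit file's `down` before `up --build`, a service restart would then start from an empty cluster — confirm, and if so add `elasticsearch_data:/usr/share/elasticsearch/data` to the service's `volumes:` plus a top-level `volumes:` entry for it. Separately, the `wazuhk-http` router on the `web` entrypoint carries the `mistborn_auth@file` middleware, so login credentials are accepted over plaintext HTTP unless traefik redirects `web` to `websecure` somewhere not shown here; a redirect middleware on that router, or dropping the HTTP router, closes that. The quoting of `'3.7'` and of the port mapping is correct, and `network.host=0.0.0.0` is contained by the fact that the only published port is bound to `${MISTBORN_BIND_IP}`.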
+++ b/extra/wazuh.yml
@@ -28,29 +28,6 @@ services:
       - filebeat_etc:/etc/filebeat
       - filebeat_var:/var/lib/filebeat
 
-  wazuh-kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.2
-    hostname: wazuh-kibana
-    restart: unless-stopped
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.wazuhk-http.rule=Host(`wazuh.mistborn`)"
-      - "traefik.http.routers.wazuhk-http.entrypoints=web"
-      - "traefik.http.routers.wazuhk-http.middlewares=mistborn_auth@file"
-      - "traefik.http.routers.wazuhk-https.rule=Host(`wazuh.mistborn`)"
-      - "traefik.http.routers.wazuhk-https.entrypoints=websecure"
-      - "traefik.http.routers.wazuhk-https.middlewares=mistborn_auth@file"
-      - "traefik.http.routers.wazuhk-https.tls.certresolver=basic"
-      - "traefik.http.services.wazuhk-service.loadbalancer.server.port=5601"
-    #ports:
-    # - "${MISTBORN_BIND_IP}:5601:5601"
-    environment:
-      - SERVER_SSL_ENABLED=false
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
-      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
-    env_file:
-      - ../.envs/.production/.wazuh
-
 volumes:
   ossec_api_configuration:
   ossec_etc:
diff --git a/scripts/services/Mistborn-elasticsearch.service b/scripts/services/Mistborn-elasticsearch.service
new file mode 100644
index 0000000..7e23145
--- /dev/null
+++ b/scripts/services/Mistborn-elasticsearch.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Mistborn Elasticsearch Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+PartOf=Mistborn-base.service
+
+[Service]
+Restart=always
+RestartSec=15
+User=root
+Group=docker
+PermissionsStartOnly=true
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/usr/sbin/sysctl -w vm.max_map_count=262144
+ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh elasticsearch,wazuh docker-compose -f /opt/mistborn/extra/elasticsearch.yml down
+# Start container when unit is started
+ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh elasticsearch,wazuh docker-compose -f /opt/mistborn/extra/elasticsearch.yml up --build
+# Stop container when unit is stopped
+ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh elasticsearch,wazuh docker-compose -f /opt/mistborn/extra/elasticsearch.yml down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/services/elasticsearch/files/internal_users.yml b/scripts/services/elasticsearch/files/internal_users.yml
new file mode 100644
index 0000000..540eede
--- /dev/null
+++ b/scripts/services/elasticsearch/files/internal_users.yml
@@ -0,0 +1,17 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+mistborn:
+  hash: "__MISTBORN_HASH__"
+  reserved: true
+  backend_roles:
+    - "admin"
+  description: "Mistborn user"
+
diff --git a/scripts/services/elasticsearch/init.sh b/scripts/services/elasticsearch/init.sh
new file mode 100755
index 0000000..c5ae89b
--- /dev/null
+++ b/scripts/services/elasticsearch/init.sh
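Review bot: The comment `# Shutdown container (if running) when unit is stopped` sits above the `sysctl -w vm.max_map_count=262144` line, which it does not describe, and the `down` it does describe runs as an `ExecStartPre`, i.e. on start rather than on stop; suggest `# Raise the mmap limit Elasticsearch requires (host-wide kernel setting, not reverted on stop)` above the sysctl line and `# Remove any stale container before starting` above the second `ExecStartPre`. `PermissionsStartOnly=true` has nothing to separate when `User=root` already runs every Exec* line as root, so either drop it or revisit the `User=`/`Group=` pair. Worth stating in the unit as well that the sysctl change applies to the host kernel and persists until reboot regardless of the unit's state.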
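Review bot: The header comment says the hash `can be generated with plugin/tools/hash.sh`, but the script that fills `__MISTBORN_HASH__` in this commit runs `/usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh` inside the image, so the comment should name that path and the substitution step, e.g. `# __MISTBORN_HASH__ is replaced by scripts/services/elasticsearch/init.sh on first start`. It also deserves a comment that this file is bind-mounted over the image's `securityconfig/internal_users.yml` (see `extra/elasticsearch.yml`), so it replaces rather than extends the shipped user list and any default user the Kibana side may authenticate with no longer exists — I infer that from the mount, so confirm against what `wazuh-kibana-odfe` is configured to use. `reserved: true` prevents later changes to this user through the security API, which is reasonable for a bootstrap account but should be said on that line.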
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+if [[ -f "/opt/mistborn_volumes/extra/elasticsearch/init/internal_users.yml" ]]; then
+  echo "internal_users.yml exists. Proceeding."
+  exit 0
+fi
+
+mkdir -p /opt/mistborn_volumes/extra/elasticsearch/init/ >/dev/null 2>&1
+chmod -R +x /opt/mistborn_volumes/extra/elasticsearch/init/
+cp /opt/mistborn-internal/security_center/services/elasticsearch/files/internal_users.yml /opt/mistborn_volumes/extra/elasticsearch/init/
+
+ELASTICSEARCH_MISTBORN_HASHED=$(docker run --rm amazon/opendistro-for-elasticsearch:1.12.0 bash /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh -p ${MISTBORN_DEFAULT_PASSWORD} | tr -d '\n')
+
+sed -i "s|__MISTBORN_HASH__|${ELASTICSEARCH_MISTBORN_HASHED}|" /opt/mistborn_volumes/extra/elasticsearch/init/internal_users.yml
diff --git a/scripts/subinstallers/extra/elasticsearch.sh b/scripts/subinstallers/extra/elasticsearch.sh
new file mode 100755
index 0000000..e7547ae
--- /dev/null
+++ b/scripts/subinstallers/extra/elasticsearch.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Elasticsearch
+ELASTICSEARCH_PROD_FILE="$1"
+echo "MISTBORN_DEFAULT_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $ELASTICSEARCH_PROD_FILE
+chmod 600 $ELASTICSEARCH_PROD_FILE
diff --git a/scripts/wrappers/mistborn_docker.sh b/scripts/wrappers/mistborn_docker.sh
index bb33894..a5fa403 100755
--- a/scripts/wrappers/mistborn_docker.sh
+++ b/scripts/wrappers/mistborn_docker.sh
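Review bot: `set -e` cannot catch a failed `docker run` on the `ELASTICSEARCH_MISTBORN_HASHED=$(... | tr -d '\n')` line because the pipeline's status is `tr`'s, so an empty hash is written into `internal_users.yml` by the following `sed`, and the `-f` guard at the top then treats that broken file as finished on every later run. `${MISTBORN_DEFAULT_PASSWORD}` is also passed unquoted to `-p`, which word-splits a password containing spaces; quote it, and note that as an argument it is exposed on the container's command line for the duration of the run, so feeding it on stdin, if `hash.sh` accepts that, would be preferable. The `cp` reads from `/opt/mistborn-internal/security_center/services/elasticsearch/files/`, whereas this commit adds the template at `scripts/services/elasticsearch/files/internal_users.yml` under the tree the unit file runs from `/opt/mistborn`; unless another component provides that path, the copy fails and the script aborts before hashing. `chmod -R +x` runs before the file is copied and so only touches the directory `mkdir -p` just created, while the copied hash file keeps whatever mode the umask gives; whichever mode you choose must stay readable by the elasticsearch user inside the container.
```bash
set -eo pipefail

# … unchanged: early exit when internal_users.yml already exists …

INIT_DIR=/opt/mistborn_volumes/extra/elasticsearch/init
mkdir -p "${INIT_DIR}"
cp /opt/mistborn-internal/security_center/services/elasticsearch/files/internal_users.yml "${INIT_DIR}/"

ELASTICSEARCH_MISTBORN_HASHED=$(docker run --rm amazon/opendistro-for-elasticsearch:1.12.0 \
  bash /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh -p "${MISTBORN_DEFAULT_PASSWORD}" | tr -d '\n')
if [[ -z "${ELASTICSEARCH_MISTBORN_HASHED}" ]]; then
  # leave no half-filled file behind, or the guard above would never retry
  echo "Failed to generate password hash for internal_users.yml" >&2
  rm -f "${INIT_DIR}/internal_users.yml"
  exit 1
fi

sed -i "s|__MISTBORN_HASH__|${ELASTICSEARCH_MISTBORN_HASHED}|" "${INIT_DIR}/internal_users.yml"
```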
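Review bot: `echo ... >> $ELASTICSEARCH_PROD_FILE` creates the env file with the default umask and only restricts it afterwards with `chmod 600`, and every rerun of the subinstaller appends another `MISTBORN_DEFAULT_PASSWORD=` line; both variable uses are also unquoted. Since `mistborn_docker.sh` `source`s the per-service env file, a password containing spaces, `$` or quotes presumably breaks at load time as well. Suggested: `touch "$ELASTICSEARCH_PROD_FILE" && chmod 600 "$ELASTICSEARCH_PROD_FILE"` before the write, then `grep -q '^MISTBORN_DEFAULT_PASSWORD=' "$ELASTICSEARCH_PROD_FILE" || printf 'MISTBORN_DEFAULT_PASSWORD=%q\n' "$MISTBORN_DEFAULT_PASSWORD" >> "$ELASTICSEARCH_PROD_FILE"`. `%q` quoting suits `source` but not docker's `env_file` parser, so confirm which consumer reads this file before settling on it.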
@@ -2,38 +2,43 @@ set -e -SERVICE="$1" +MISTBORN_HOME="/opt/mistborn" + +SERVICES="$1" shift -export MISTBORN_HOME="/opt/mistborn" -export MISTBORN_SERVICE_FILE=${MISTBORN_HOME}/.envs/.production/.${SERVICE} -export MISTBORN_SERVICE_INIT=${MISTBORN_HOME}/scripts/services/${SERVICE}/init.sh - -# check and create file if needed -${MISTBORN_HOME}/scripts/env/check_env_file.sh ${SERVICE} - -# read in variables -set -a -source ${MISTBORN_HOME}/.env - -if [[ -f "${MISTBORN_SERVICE_FILE}" ]]; then - echo "Loading service variables" - source ${MISTBORN_SERVICE_FILE} -else - echo "No service variables to load. Proceeding." -fi -set +a - -# init script -if [[ -f "${MISTBORN_SERVICE_INIT}" ]]; then - echo "Running init script" - ${MISTBORN_SERVICE_INIT} -else - echo "No init script. Proceeding." -fi +IFS=',' +read -ra SERVICES_ARRAY <<< "${SERVICES}" +for SERVICE in "${SERVICES_ARRAY[@]}"; do + MISTBORN_SERVICE_FILE=${MISTBORN_HOME}/.envs/.production/.${SERVICE} + MISTBORN_SERVICE_INIT=${MISTBORN_HOME}/scripts/services/${SERVICE}/init.sh + + # check and create file if needed + ${MISTBORN_HOME}/scripts/env/check_env_file.sh ${SERVICE} + + # read in variables + set -a + source ${MISTBORN_HOME}/.env + + if [[ -f "${MISTBORN_SERVICE_FILE}" ]]; then + echo "Loading service variables" + source ${MISTBORN_SERVICE_FILE} + else + echo "No service variables to load. Proceeding." + fi + set +a + + # init script + if [[ -f "${MISTBORN_SERVICE_INIT}" ]]; then + echo "Running init script" + ${MISTBORN_SERVICE_INIT} + else + echo "No init script. Proceeding." + fi +done # ensure base is up and listening -echo "Waiting for Mistborn-base to finish starting up..." +echo "Checking that Mistborn-base has finished starting up..." while ! nc -z 10.2.3.1 5000; do WAIT_TIME=$((5 + $RANDOM % 15))