diff --git a/etc/elastalert/rules/bro_conn.yaml b/etc/elastalert/rules/bro_conn.yaml
index e14718e..7eeef01 100644
--- a/etc/elastalert/rules/bro_conn.yaml
+++ b/etc/elastalert/rules/bro_conn.yaml
@@ -15,7 +15,7 @@ type: frequency
 # (Required)
 # Index to search, wildcard supported
-index: logstash-bro*
+index: "*:logstash-bro*"
 use_strftime_index: true
diff --git a/etc/elastalert/rules/ids.yaml b/etc/elastalert/rules/ids.yaml
index 15f1aab..54ddf1d 100644
--- a/etc/elastalert/rules/ids.yaml
+++ b/etc/elastalert/rules/ids.yaml
@@ -3,7 +3,7 @@ es_host: elasticsearch
 es_port: 9200
 name: Security Onion ElastAlert - New IDS Event!
 type: frequency
-index: logstash-ids*
+index: "*:logstash-ids*"
 num_events: 1
 timeframe:
   minutes: 1
diff --git a/usr/sbin/sosetup-elastic b/usr/sbin/sosetup-elastic
index ecc0856..ca66dd9 100755
--- a/usr/sbin/sosetup-elastic
+++ b/usr/sbin/sosetup-elastic
@@ -2024,7 +2024,12 @@ EOF
 	echo "# Please wait while stopping and disabling Kibana..." | tee -a $LOG
 	docker stop so-kibana >> $LOG 2>&1
 	sed -i 's|KIBANA_ENABLED="yes"|KIBANA_ENABLED="no"|g' $CONF
-
+	echo "91"
+	echo "# Please wait while stopping and disabling ElastAlert..." | tee -a $LOG
+	docker stop so-elastalert >> $LOG 2>&1
+	sed -i 's|ELASTALERT_ENABLED="yes"|ELASTALERT_ENABLED="no"|g' $CONF
+
 	echo "93"
 	echo "# Please wait while stopping and disabling MySQL..." | tee -a $LOG
 	service mysql stop >> $LOG 2>&1
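Review bot: The new `*:logstash-bro*` value on the `+index` line is a cross-cluster-search pattern (`<cluster>:<index>`), and as far as I know a `*:` prefix matches only clusters registered under `cluster.remote`, so if the master's own Elasticsearch is not also registered as a remote this rule will search nothing and simply stop alerting — ElastAlert does not fail on an index pattern that matches no indices, which turns a setup slip into a silent detection gap. Since ElastAlert passes the string straight into the search request, `index: "logstash-bro*,*:logstash-bro*"` should cover both the local and remote cases, or the setup code that registers remotes should be checked to confirm the local cluster is included. The comment just above still reads `# Index to search, wildcard supported`; I would extend it to `# Cross-cluster pattern: <cluster>:<index>; "*" matches every cluster registered in cluster.remote` so the prefix is not "corrected" back by the next editor. A quick `elastalert-test-rule` run against this file would confirm that this ElastAlert version's mapping lookups accept the `*:` form.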
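Review bot: The `*:` prefix on the `+index` line makes this IDS rule fire on data from every cluster registered as a remote, present or future, so registering another node later silently widens the data that `num_events: 1` in `timeframe: minutes: 1` is counted against; conversely, if the local cluster is not itself registered as a remote, the rule matches nothing and goes quiet without any error. Either way the rule file should state the intent, e.g. `# Cross-cluster search: logstash-ids* on every cluster registered in cluster.remote` directly above the `index` key. The same edit appears in bro_conn.yaml; if more rules follow, the cluster prefix could live in one shared rule file pulled in with ElastAlert's `import` option rather than being copied by hand into each rule. I have not verified that the ElastAlert version in use resolves field mappings correctly for a `*:` pattern, so a test run of this rule after deployment is worth doing before relying on it.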
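Review bot: The added `sed` on the `ELASTALERT_ENABLED` line is unanchored and unconditional, so it will also rewrite a commented-out `#ELASTALERT_ENABLED="yes"`, and if the key is absent from `$CONF` it silently changes nothing and ElastAlert is presumably re-enabled on the next start even though the container was just stopped. This mirrors the Kibana lines above it, so it is at least consistent, but anchoring the pattern and quoting the path is cheap: `sed -i 's|^ELASTALERT_ENABLED="yes"|ELASTALERT_ENABLED="no"|' "$CONF"`, optionally preceded by `grep -q '^ELASTALERT_ENABLED=' "$CONF" || echo 'ELASTALERT_ENABLED="no"' >> "$CONF"` so the disabled state is always recorded. The exit status of `docker stop so-elastalert` is not checked; if the container does not exist the failure is only visible in `$LOG`, which is probably acceptable on a disable path but worth a short comment. The `echo "91"` appears to be a progress-gauge percentage slotted between the Kibana step and MySQL's `93`; the enclosing block starts and ends outside this hunk.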