diff --git a/docs/guide/README.adoc b/docs/guide/README.adoc
index 1743d262a..718be6c23 100644
--- a/docs/guide/README.adoc
+++ b/docs/guide/README.adoc
@@ -210,6 +210,18 @@ http://IPADDRESS - Kibana

 === Full Packet Capture
 Google's Stenographer is installed and configured in this build. However, it is disabled by default. There are a few reasons for this: First, it can be too much for Vagrant builds on meager hardware. Second, you really need to make sure you've mounted /data over sufficient storage before you start saving full packets. Once you're ready to get nuts, enable and start the service with `systemctl enable stenographer.service` and then `systemctl start stenographer.service`. Stenographer is already stubbed into the `/usr/local/bin/rock_{start,stop,status}` scripts, you just need to uncomment it if you're going to use it.

+=== File Scanning Framework
+Emerson Electric Co's File Scanning Framework is installed and configured in this build to analyze files seen by bro that are of specific mime-types, however this service is disabled by default. There are two primary reasons for this: First, just like stenographer FSF can be too much for ROCK builds on meager hardware. Second, you should carefully consider what file types you want to extract and what additional yara rules you want to scan your extracted files with. If you choose to Enable FSF in /etc/rocknsm/config.yml, the default configuration will automatically scan any of the following file types seen by bro and log the results to Elasticsearch.
+ - application/pdf
+ - application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ - application/vnd.openxmlformats-officedocument.presentationml.presentation
+ - application/x-dosexec
+ - application/java-archive
+ - application/x-java-applet
+ - application/x-java-jnlp-file
+
+
 == THANKS
 This architecture is made possible by the efforts of the Missouri National Guard Cyber Team for donating talent and resources to further development.
diff --git a/docs/guide/configuration.adoc b/docs/guide/configuration.adoc
index e3ffad249..37b7ef126 100644
--- a/docs/guide/configuration.adoc
+++ b/docs/guide/configuration.adoc
@@ -98,6 +98,10 @@ Generally, most of the options you'll want to change are near the top. The file
 *NOTE*: While you theoretically _could_ install both Suricata and Snort, I guarantee that the automated deployment will not configure this as you were hoping.

+| with_fsf
+| `True`
+| Determines whether FSF will be installed and configured.
+
 | with_snort
 | `False`
 | Determines whether Snort will be installed and configured.

diff --git a/images/rock_full.png b/images/rock_full.png
index 075ef0f20..ddd3fb542 100644
Binary files a/images/rock_full.png and b/images/rock_full.png differ
diff --git a/playbooks/deploy-rock.yml b/playbooks/deploy-rock.yml
index 6571693e8..c870dc9ea 100644
--- a/playbooks/deploy-rock.yml
+++ b/playbooks/deploy-rock.yml
@@ -311,7 +311,10 @@
 when: with_zookeeper

 - name: Enable and start zookeeper
- service: name=zookeeper state=started enabled=yes
+ service:
+ name: zookeeper
+ state: "{{ 'started' if enable_zookeeper else 'stopped' }}"
+ enabled: "{{ enable_zookeeper }}"
 when: with_zookeeper

 ######################################################
@@ -343,7 +346,10 @@
 when: with_kafka

 - name: Enable and start kafka
- service: name=kafka state=started enabled=yes
+ service:
+ name: kafka
+ state: "{{ 'started' if enable_kafka else 'stopped' }}"
+ enabled: "{{ enable_kafka }}"
 when: with_kafka

 ######################################################
@@ -421,7 +427,10 @@
 when: with_elasticsearch

 - name: Enable and start Elasticsearch
- service: name=elasticsearch state=started enabled=yes
+ service:
+ name: elasticsearch
+ state: "{{ 'started' if enable_elasticsearch else 'stopped' }}"
+ enabled: "{{ enable_elasticsearch }}"
 when: with_elasticsearch
 notify:
 - es maintenance
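Review bot: The `notify: - es maintenance` on the Elasticsearch task now fires even when `enable_elasticsearch` is false and the task has just stopped the service, so if that handler talks to the ES API (not visible here) it will fail against a stopped node; guard the handler with `when: enable_elasticsearch`, or split the stop path into its own task without the notify. The same hunk, and the zookeeper and kafka hunks above it, reference the new `enable_zookeeper`/`enable_kafka`/`enable_elasticsearch` keys unguarded, so a config.yml written before this change aborts the play with an undefined-variable error unless those keys already ship in the default config (not in this diff). Either document them next to the new `with_fsf` row in configuration.adoc or default them in place, e.g. `enabled: "{{ enable_zookeeper | default(true) }}"` and `state: "{{ 'started' if enable_zookeeper | default(true) else 'stopped' }}"`.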
@@ -476,7 +485,10 @@
 when: with_logstash and with_fsf

 - name: Enable and start Logstash
- service: name=logstash state=started enabled=yes
+ service:
+ name: logstash
+ state: "{{ 'started' if enable_logstash else 'stopped' }}"
+ enabled: "{{ enable_logstash }}"
 when: with_logstash

 #######################################################
@@ -650,6 +662,13 @@
 state: present
 when: with_bro and with_kafka

+ - name: Enable the SMB Analyzer in local.bro
+ lineinfile:
+ dest: /opt/bro/share/bro/site/local.bro
+ line: "@load policy/protocols/smb # Enable Bro SMB Analyzer"
+ state: present
+ when: with_bro
+
 - name: Add bro to path and aliases
 copy:
 src: profile.d-bro.sh
@@ -697,8 +716,11 @@
 when: with_bro

 - name: Enable and start broctl
- service: name=broctl enabled=yes state=started
- when: with_bro and enable_bro
+ service:
+ name: broctl
+ enabled: "{{ enable_bro }}"
+ state: "{{ 'started' if enable_bro else 'stopped' }}"
+ when: with_bro

 ######################################################
 ################# Setup Stenographer #################
@@ -742,8 +764,19 @@
 creates: /etc/stenographer/certs/client_key.pem
 when: with_stenographer

- - name: Set Stenographer disabled by default
- service: name=stenographer enabled=no state=stopped
+ - name: Configure Stenographer service
+ service:
+ name: stenographer
+ enabled: "{{ enable_stenographer }}"
+ state: "{{ 'started' if enable_stenographer else 'stopped' }}"
+ when: with_stenographer
+
+ - name: Configure Stenographer per-interface
+ service:
+ name: "stenographer@{{ item }}"
+ enabled: "{{ enable_stenographer }}"
+ state: "{{ 'started' if enable_stenographer else 'stopped' }}"
+ with_items: "{{ rock_monifs }}"
 when: with_stenographer

 ######################################################
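Review bot: The new `Enable the SMB Analyzer in local.bro` task edits local.bro without notifying anything, so on a sensor that is already deployed the analyzer is not loaded until someone runs `broctl deploy` by hand; if the play has a handler that does this (the `broctl` service task further down does not), add `notify:` to the task, otherwise this only takes effect on fresh installs. Matching the whole line including the trailing `# Enable Bro SMB Analyzer` comment also means any hand edit to that comment makes the task append a second `@load`; adding `regexp: '^@load policy/protocols/smb'` keeps it idempotent against that. Unlike the other toggles in this playbook the analyzer is unconditional under `with_bro`, which is worth a sentence in the docs since it presumably adds new SMB log types to the pipeline.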
@@ -811,7 +844,10 @@
 when: with_suricata

 - name: Enable and start suricata
- service: name="suricata" enabled=yes state=started
+ service:
+ name: suricata
+ enabled: "{{ enable_suricata }}"
+ state: "{{ 'started' if enable_suricata else 'stopped' }}"
 when: with_suricata

 - name: Configure logrotate for suricata logs
@@ -939,16 +975,22 @@
 when: with_fsf

 - name: Enable and start FSF
- service: name=fsf state=started enabled=yes
- when: with_fsf and enable_fsf
+ service:
+ name: fsf
+ state: "{{ 'started' if enable_fsf else 'stopped' }}"
+ enabled: "{{ enable_fsf }}"
+ when: with_fsf

 ######################################################
 ################### Setup Kibana #####################
 ######################################################

 - name: Enable and start Kibana
- service: name=kibana state=started enabled=yes
- when: "{{ with_kibana }}"
+ service:
+ name: kibana
+ state: "{{ 'started' if enable_kibana else 'stopped' }}"
+ enabled: "{{ enable_kibana }}"
+ when: with_kibana

 - name: Download ROCK Dashboards
 get_url:
@@ -1067,7 +1109,10 @@
 when: with_nginx and with_kibana

 - name: Enable and start nginx
- service: name=nginx state=started enabled=yes
+ service:
+ name: nginx
+ state: "{{ 'started' if enable_nginx else 'stopped' }}"
+ enabled: "{{ enable_nginx }}"
 when: with_nginx

 ######################################################
diff --git a/playbooks/files/logstash-fsf-es.conf b/playbooks/files/logstash-fsf-es.conf
index 08c030fa7..97df62ece 100644
--- a/playbooks/files/logstash-fsf-es.conf
+++ b/playbooks/files/logstash-fsf-es.conf
@@ -1,7 +1,7 @@
 input {
 file {
 codec => "json"
- path => "/data/fsf/scan.log"
+ path => "/data/fsf/rockout.log"
 add_field => { "[@metadata][stage]" => "fsf" }
 }
 }
diff --git a/playbooks/files/rock_start b/playbooks/files/rock_start
index ccbc8bc16..51f157ec3 100644
--- a/playbooks/files/rock_start
+++ b/playbooks/files/rock_start
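Review bot: The task names `Enable and start FSF` and `Enable and start Kibana` now describe only one branch of what the task does, since `state` and `enabled` follow `enable_fsf`/`enable_kibana` and can just as well stop and disable the unit; a play recap reading "Enable and start FSF ... changed" while FSF is being shut down is misleading when someone is reconstructing what a deploy did. Rename them to reflect the effective setting, e.g. `- name: Configure FSF service (enable_fsf={{ enable_fsf }})`. The suricata and nginx hunks on this line have the same mismatch.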
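Review bot: `path => "/data/fsf/rockout.log"` hard-codes the FSF log location in a static file under `playbooks/files/`, while FSF's own `LOG_PATH` is rendered from `fsf_data_dir` in fsf-server-config.j2; an operator who points `fsf_data_dir` elsewhere (the README tells people to put /data on adequate storage) silently gets no FSF events in Elasticsearch, with nothing failing. Move the file to `playbooks/templates/`, write `path => "{{ fsf_data_dir }}/rockout.log"`, and deploy it with `template:` instead of `copy:`. Whether the `rockout` module writes `rockout.log` under `LOG_PATH` is not visible in this diff and should be confirmed against the module.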
@@ -58,7 +58,10 @@ if feature_enabled stenographer; then
 echo "Starting Stenographer..."
 systemctl start stenographer
 sleep 5
- systemctl status stenographer | egrep "^\s*Active"
+ for item in $(ls /etc/stenographer/config* | awk -F. '/\./ { print $2 }')
+ do
+ systemctl status stenographer@${item} | egrep "^\s*Active" | cat <( echo -n " ${item}: ") -
+ done
 fi

 if feature_enabled fsf; then
diff --git a/playbooks/files/stenographer@.service b/playbooks/files/stenographer@.service
index 56c09a5eb..8f6714fe2 100644
--- a/playbooks/files/stenographer@.service
+++ b/playbooks/files/stenographer@.service
@@ -33,5 +33,4 @@ ExecStart=/usr/bin/stenographer -config /etc/stenographer/config.%i
 ExecStopPost=/bin/pkill -9 stenotype

 [Install]
-WantedBy=multi-user.target
-
+WantedBy=stenographer.service
diff --git a/playbooks/templates/fsf-server-config.j2 b/playbooks/templates/fsf-server-config.j2
index 236ce8fce..e424ce8b3 100644
--- a/playbooks/templates/fsf-server-config.j2
+++ b/playbooks/templates/fsf-server-config.j2
@@ -9,7 +9,8 @@ SCANNER_CONFIG = { 'LOG_PATH' : '{{ fsf_data_dir }}', 'EXPORT_PATH' : '{{ fsf_archive_dir }}', 'TIMEOUT' : 60, 'PID_PATH': '/run/fsf/fsf.pid',
- 'MAX_DEPTH' : 10 }
+ 'MAX_DEPTH' : 10,
+ 'ACTIVE_LOGGING_MODULES': ['rockout', 'scan_log'] }
 SERVER_CONFIG = { 'IP_ADDRESS' : "localhost", 'PORT' : 5800 }
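Review bot: The instance discovery `$(ls /etc/stenographer/config* | awk -F. '/\./ { print $2 }')` truncates any interface name containing a dot, so a VLAN sub-interface `eth0.100` is reported as `stenographer@eth0`, a unit that was never enabled, while the real capture instance never appears in the status output; parsing `ls` also breaks on the usual unexpected filenames. Deriving the instance from the filename with a glob and parameter expansion avoids both and mirrors the `config.%i` lookup in stenographer@.service, and the `/\./` filter becomes unnecessary because the `config.*` glob already excludes the bare `config` file. The enclosing `if feature_enabled stenographer` block starts outside the hunk.
```shell
  for cfg in /etc/stenographer/config.*; do
    [ -e "${cfg}" ] || continue
    item="${cfg##*/config.}"
    echo -n "  ${item}: "
    systemctl status "stenographer@${item}" | egrep "^\s*Active"
  done
```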
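Review bot: `WantedBy=stenographer.service` only makes the parent pull the instances in at start; a `Wants=` relationship does not propagate stop or restart, so `systemctl stop stenographer` (what a rock_stop mirroring the rock_start hunk above would run — not visible here) leaves every `stenographer@<iface>` capture process writing packets to /data while the operator believes capture is off. Add `PartOf=stenographer.service` under `[Unit]` in this template so stopping or restarting the parent stops and restarts the instances as well; the Ansible per-interface task still sets them explicitly, but the systemctl path should behave the same way. The `[Unit]` section of this file is outside the hunk.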
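Review bot: `'ACTIVE_LOGGING_MODULES': ['rockout', 'scan_log']` keeps the legacy `scan_log` module active alongside the new `rockout` one, so FSF writes two full logs under `LOG_PATH` for every scanned file while the Logstash input changed in this same commit reads only `rockout.log`; on the meager-hardware builds the README warns about, that doubles FSF's disk footprint for output nothing consumes. Unless `scan.log` is still read by something outside this diff, drop it with `'ACTIVE_LOGGING_MODULES': ['rockout'] }`, or give `scan.log` a logrotate entry the way the suricata section of the playbook does for its logs. That `scan_log` writes `scan.log` under `LOG_PATH` is inferred from the module name and the old Logstash path, so confirm it against the module before relying on it.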