diff --git a/Azure/build_ansible_inventory.sh b/Azure/build_ansible_inventory.sh
index 3ff11a5..d0ed6a0 100755
--- a/Azure/build_ansible_inventory.sh
+++ b/Azure/build_ansible_inventory.sh
@@ -21,9 +21,9 @@ fi
 cd ./Terraform || exit 1
 TF_OUTPUT=$(terraform output)
-DC_IP=$(echo "$TF_OUTPUT" | egrep -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
-WEF_IP=$(echo "$TF_OUTPUT" | egrep -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
-WIN10_IP=$(echo "$TF_OUTPUT" | egrep -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+DC_IP=$(echo "$TF_OUTPUT" | grep -E -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WEF_IP=$(echo "$TF_OUTPUT" | grep -E -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+WIN10_IP=$(echo "$TF_OUTPUT" | grep -E -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
 # Don't update unless there's default values in inventory.yml
 GREP_COUNT=$(grep -E -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
diff --git a/Vagrant/resources/suricata/suricata.yaml b/Vagrant/resources/suricata/suricata.yaml
index 688e962..294ee5e 100644
--- a/Vagrant/resources/suricata/suricata.yaml
+++ b/Vagrant/resources/suricata/suricata.yaml
@@ -117,9 +117,9 @@ logging:
 default-log-level: notice
 default-output-filter:
 outputs:
- - console:
+ - console:
 enabled: y
- - syslog:
+ - syslog:
 enabled: no
 facility: local5
 format: "[%i] <%d> -- "
@@ -147,7 +147,6 @@ app-layer:
 dcerpc:
 enabled: yes
 ftp:
- enabled: yes
 enabled: yes
 detection-ports:
 dp: 139, 445
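Review bot: The three rewritten `DC_IP`/`WEF_IP`/`WIN10_IP` assignments still produce an empty string, with no error, whenever `terraform output` fails or the key is missing from its listing, and the script carries on to the inventory update with that empty value; the egrep-to-`grep -E` swap does not change this. The same pipeline is also repeated three times with only the key name varying, so a small helper plus one non-empty check after the assignments would make the failure visible at the point it happens. If the project is on Terraform 0.12 or later, `terraform output -raw dc_public_ip` would avoid scraping the human-readable listing altogether, but the required version is not visible from this hunk. The hunk ends at the `GREP_COUNT` line; the script continues past it.
```shell
# Pull one "<key> = <ipv4>" value out of the captured terraform output;
# prints nothing when the key is absent.
tf_ip() {
  printf '%s\n' "$TF_OUTPUT" | grep -E -o "$1 = ([0-9]{1,3}\.){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' '
}
DC_IP=$(tf_ip dc_public_ip)
WEF_IP=$(tf_ip wef_public_ip)
WIN10_IP=$(tf_ip win10_public_ip)
if [ -z "$DC_IP" ] || [ -z "$WEF_IP" ] || [ -z "$WIN10_IP" ]; then
  echo "Could not read one or more public IPs from 'terraform output'" >&2
  exit 1
fi
# … unchanged: GREP_COUNT check against inventory.yml …
```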
@@ -167,16 +166,16 @@ app-layer:
 http:
 enabled: yes
 libhtp:
- default-config:
- personality: IDS
- request-body-limit: 100kb
- response-body-limit: 100kb
- request-body-minimal-inspect-size: 32kb
- request-body-inspect-window: 4kb
- response-body-minimal-inspect-size: 40kb
- response-body-inspect-window: 16kb
- response-body-decompress-layer-limit: 2
- http-body-inline: auto
+ default-config:
+ personality: IDS
+ request-body-limit: 100kb
+ response-body-limit: 100kb
+ request-body-minimal-inspect-size: 32kb
+ request-body-inspect-window: 4kb
+ response-body-minimal-inspect-size: 40kb
+ response-body-inspect-window: 16kb
+ response-body-decompress-layer-limit: 2
+ http-body-inline: auto
 modbus:
 enabled: no
 detection-ports:
@@ -269,12 +268,12 @@ detect:
 - management-cpu-set:
 - receive-cpu-set:
 - worker-cpu-set:
- cpu: [ "all" ]
+ cpu: ["all"]
 mode: "exclusive"
 prio:
- low: [ 0 ]
- medium: [ "1-2" ]
- high: [ 3 ]
+ low: [0]
+ medium: ["1-2"]
+ high: [3]
 default: "medium"
 detect-thread-ratio: 1.0
 luajit:
@@ -298,8 +297,8 @@ nflog:
 max-size: 20000
 capture:
 netmap:
- - interface: eth2
- - interface: default
+ - interface: eth2
+ - interface: default
 pfring:
 - interface: eth0
 threads: auto
@@ -307,10 +306,10 @@ pfring:
 cluster-type: cluster_flow
 - interface: default
 ipfw:
- streams: ["0-3"]
- auto-config: yes
- ports: [all]
- hashmode: hash5tuplesorted
+ streams: ["0-3"]
+ auto-config: yes
+ ports: [all]
+ hashmode: hash5tuplesorted
 default-rule-path: /var/lib/suricata/rules
 rule-files:
 - suricata.rules