diff --git a/LICENSE b/LICENSE index f2ae7cd6..6d22e815 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ BSD 2-Clause License -Copyright (c) 2021, Gravwell Inc +Copyright (c) 2026, Gravwell Inc All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/auditd/MANIFEST b/auditd/MANIFEST index e984ba5a..edf4c5db 100644 --- a/auditd/MANIFEST +++ b/auditd/MANIFEST @@ -2,8 +2,8 @@ "ID": "io.gravwell.auditd", "Name": "Auditd Detection Kit", "Desc": "Provides tools, utilities, and detections to enable use of Auditd logs.", - "Readme": "This kit is designed to provide an out-of-the-box experience for working with Auditd logs. \n\nIt provides the following utilities:\n- Queries\n- Detections\n- Stats\n- Dashboards\n- Actionables\n- Templates\n- Macros", - "Version": 2, + "Readme": "This kit is designed to provide an out-of-the-box experience for working with Auditd logs.\n\nThe Auditd Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/auditd).\n\nIt provides the following utilities:\n- Queries\n- Detections\n- Stats\n- Dashboards\n- Actionables\n- Templates\n- Macros\n\n## Dependencies\n- Null\n\n## Changelog\n**1.0: Initial Release**\n- actionables (2)\n- autoextractor (1)\n- dashboard (4)\n- file (3)\n- license (1)\n- macro (2)\n- playbook (3)\n- resource (1)\n- searchlibrary (70)\n- template (2)", + "Version": 1, "MinVersion": { "Major": 0, "Minor": 0, 
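Review bot: `"Version"` drops from 2 to 1 in the auditd/MANIFEST hunk, while the new Readme changelog labels this build "1.0: Initial Release". If kit versions are compared numerically when updates are offered (that logic is not shown on this page), hosts that already installed version 2 would treat this build as older and keep their previous detections. Unless the reset is deliberate, keep the number monotonic, e.g. `"Version": 3,`, and adjust the changelog heading to match.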
@@ -18,11 +18,16 @@ "Banner": "05a7cd79-0cbf-46cf-b177-9eca9965e397", "Cover": "d073d25c-573c-4727-bd87-1ea84f7e9c8f", "Items": [ - { - "Name": "exe_baseline", - "Type": 1, - "Hash": "0000000000000000000000000000000000000000000000000000000000000000" - }, + { + "Name": "BSD 2-Clause", + "Type": 10, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + { + "Name": "exe_baseline", + "Type": 1, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, { "Name": "add5175f-8839-4e85-9d38-659d4af89eb0", "Type": 6, diff --git a/auditd/README.md b/auditd/README.md index eff9a741..6066b5af 100644 --- a/auditd/README.md +++ b/auditd/README.md @@ -1,5 +1,7 @@ This kit is designed to provide an out-of-the-box experience for working with Auditd logs. +The Auditd Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/auditd). + It provides the following utilities: - Queries - Detections @@ -7,4 +9,20 @@ It provides the following utilities: - Dashboards - Actionables - Templates -- Macros \ No newline at end of file +- Macros + +## Dependencies +- Null + +## Changelog + **1.0: Initial Release** + - actionables (2) + - autoextractor (1) + - dashboard (4) + - file (3) + - license (1) + - macro (2) + - playbook (3) + - resource (1) + - searchlibrary (70) + - template (2) \ No newline at end of file diff --git a/auditd/banner.png b/auditd/banner.png index 44960bbe..b1b04473 100644 Binary files a/auditd/banner.png and b/auditd/banner.png differ diff --git a/auditd/cover.png b/auditd/cover.png index 6bbfb18a..69668546 100644 Binary files a/auditd/cover.png and b/auditd/cover.png differ 
diff --git a/auditd/file/05a7cd79-0cbf-46cf-b177-9eca9965e397.contents b/auditd/file/05a7cd79-0cbf-46cf-b177-9eca9965e397.contents
index 44960bbe..b1b04473 100644
Binary files a/auditd/file/05a7cd79-0cbf-46cf-b177-9eca9965e397.contents and b/auditd/file/05a7cd79-0cbf-46cf-b177-9eca9965e397.contents differ
diff --git a/auditd/file/4e8c480b-83ee-482e-aa80-ff6bf90a53ba.contents b/auditd/file/4e8c480b-83ee-482e-aa80-ff6bf90a53ba.contents
index 011ed4a3..e6fb7aed 100644
Binary files a/auditd/file/4e8c480b-83ee-482e-aa80-ff6bf90a53ba.contents and b/auditd/file/4e8c480b-83ee-482e-aa80-ff6bf90a53ba.contents differ
diff --git a/auditd/file/d073d25c-573c-4727-bd87-1ea84f7e9c8f.contents b/auditd/file/d073d25c-573c-4727-bd87-1ea84f7e9c8f.contents
index 6bbfb18a..69668546 100644
Binary files a/auditd/file/d073d25c-573c-4727-bd87-1ea84f7e9c8f.contents and b/auditd/file/d073d25c-573c-4727-bd87-1ea84f7e9c8f.contents differ
diff --git a/auditd/license/BSD 2-Clause.meta b/auditd/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/auditd/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/aws_cloudtrail/MANIFEST b/aws_cloudtrail/MANIFEST
index 48da79aa..f5d984ac 100644
--- a/aws_cloudtrail/MANIFEST
+++ b/aws_cloudtrail/MANIFEST
@@ -2,7 +2,7 @@ "ID": "io.gravwell.aws_cloudtrail", "Name": "AWS CloudTrail Detection Kit", "Desc": "Provides tools, utilities, and detections to enable use of AWS CloudTrail logs.", - "Readme": "This kit is designed to provide an out-of-the-box experience for working with AWS CloudTrail logs.\n\n It provides the following utilities:\n - Queries\n- Detections\n- Stats\n- Dashboards\n- Actionables\n- Templates\n\nRefer to playbooks for implementation guides, and a kit overview for more detail on components.", + "Readme": "This kit is designed to provide an out-of-the-box experience for working with AWS CloudTrail logs.\n\nIt provides the following utilities:\n- Queries\n- Detections\n- Stats\n- Dashboards\n- Actionables\n- Templates\n\nRefer to playbooks for implementation guides, and a kit overview for more detail on components.\n\nThe CloudTrail kit is licensed is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/aws_cloudtrail).\n\n## Dependencies\n- Null\n\n## Changelog\n**1.0: Initial Release**\n- actionables (2)\n- dashboard (3)\n- file (3)\n- license (1)\n- macro (1)\n- playbook (3)\n- searchlibrary (66)\n- template (4)", "Version": 1, "MinVersion": { "Major": 0, @@ -16,9 +16,14 @@ }, "Icon": "1feb95d8-73a7-410b-93bc-105c48ba5dc3", "Banner": "10e6bfe7-eccc-47c8-9e22-7147f39d9973", - "Cover": "10e6bfe7-eccc-47c8-9e22-7147f39d9973", + "Cover": "cc57efb0-2fa5-4101-8892-0fd278168185", "Items": [ { + "Name": "BSD 2-Clause", + "Type": 10, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + { "Name": "c1806fba-6f21-48a9-9d5b-832ba2e04183", "Type": 3, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" 
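Review bot: The Readme string added in the first aws_cloudtrail/MANIFEST hunk repeats a phrase: `The CloudTrail kit is licensed is licensed under the BSD 2-Clause license`. It should read `The CloudTrail kit is licensed under the BSD 2-Clause license`. The same sentence is added to aws_cloudtrail/README.md later in this diff and needs the same correction, so the license statement reads cleanly wherever the kit description is displayed.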
@@ -402,6 +407,11 @@ "Name": "10e6bfe7-eccc-47c8-9e22-7147f39d9973", "Type": 7, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + { + "Name": "cc57efb0-2fa5-4101-8892-0fd278168185", + "Type": 7, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" }, { "Name": "31fb0d26-2b71-4fe9-a7b1-995bf0d9139c", diff --git a/aws_cloudtrail/README.md b/aws_cloudtrail/README.md index c042a62c..a879f59f 100644 --- a/aws_cloudtrail/README.md +++ b/aws_cloudtrail/README.md @@ -8,4 +8,20 @@ It provides the following utilities: - Actionables - Templates -Refer to playbooks for implementation guides, and a kit overview for more detail on components. \ No newline at end of file +Refer to playbooks for implementation guides, and a kit overview for more detail on components. + +The CloudTrail kit is licensed is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/aws_cloudtrail). + +## Dependencies +- Null + +## Changelog + **1.0: Initial Release** + - actionables (2) + - dashboard (3) + - file (3) + - license (1) + - macro (1) + - playbook (3) + - searchlibrary (66) + - template (4) \ No newline at end of file diff --git a/aws_cloudtrail/banner.png b/aws_cloudtrail/banner.png index c9ac8781..9e2b9f3b 100644 Binary files a/aws_cloudtrail/banner.png and b/aws_cloudtrail/banner.png differ diff --git a/aws_cloudtrail/cover.png b/aws_cloudtrail/cover.png index c9ac8781..fa498f75 100644 Binary files a/aws_cloudtrail/cover.png and b/aws_cloudtrail/cover.png differ diff --git a/aws_cloudtrail/file/10e6bfe7-eccc-47c8-9e22-7147f39d9973.contents b/aws_cloudtrail/file/10e6bfe7-eccc-47c8-9e22-7147f39d9973.contents index c9ac8781..9e2b9f3b 100644 Binary files a/aws_cloudtrail/file/10e6bfe7-eccc-47c8-9e22-7147f39d9973.contents and b/aws_cloudtrail/file/10e6bfe7-eccc-47c8-9e22-7147f39d9973.contents differ 
diff --git a/aws_cloudtrail/file/1feb95d8-73a7-410b-93bc-105c48ba5dc3.contents b/aws_cloudtrail/file/1feb95d8-73a7-410b-93bc-105c48ba5dc3.contents
index c9ac8781..1a5e0a67 100644
Binary files a/aws_cloudtrail/file/1feb95d8-73a7-410b-93bc-105c48ba5dc3.contents and b/aws_cloudtrail/file/1feb95d8-73a7-410b-93bc-105c48ba5dc3.contents differ
diff --git a/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.contents b/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.contents
new file mode 100644
index 00000000..fa498f75
Binary files /dev/null and b/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.contents differ
diff --git a/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.meta b/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.meta
new file mode 100644
index 00000000..4b67811c
--- /dev/null
+++ b/aws_cloudtrail/file/cc57efb0-2fa5-4101-8892-0fd278168185.meta
@@ -0,0 +1,8 @@
+{
+ "GUID": "10e6bfe7-eccc-47c8-9e22-7147f39d9973",
+ "Name": "cover file for kit build \"AWS CloudTrail v1\"",
+ "Desc": "",
+ "Labels": [
+ "Kit Build"
+ ]
+}
\ No newline at end of file
diff --git a/aws_cloudtrail/license/BSD 2-Clause.meta b/aws_cloudtrail/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/aws_cloudtrail/license/BSD 2-Clause.meta
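Review bot: The `"GUID"` in the new cc57efb0-2fa5-4101-8892-0fd278168185.meta is `10e6bfe7-eccc-47c8-9e22-7147f39d9973`, which is the id the manifest uses for `"Banner"`, not the `cc57efb0-…` id in the file name and in the new `"Cover"` and `Items` entries. If the kit loader keys files by the GUID inside the meta (not visible on this page), the cover would collide with the banner file or the `Cover` reference would fail to resolve. The line should probably be `"GUID": "cc57efb0-2fa5-4101-8892-0fd278168185",`, matching the pattern in the GuardDuty ea21fc3a meta added in this same diff, where file name and GUID agree.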
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/aws_guardduty/MANIFEST b/aws_guardduty/MANIFEST
index d7aab15b..3299dd3c 100644
--- a/aws_guardduty/MANIFEST
+++ b/aws_guardduty/MANIFEST
@@ -2,7 +2,7 @@ "ID": "io.gravwell.guardduty", "Name": "AWS GuardDuty", "Desc": "Provides tools and utilities to work with AWS GuardDuty logs", - "Readme": "This kit is designed to provide an out-of-the-box experience for reviewing AWS GuardDuty findings.\n\nIt provides the following utilities:\n- Queries\n- Dashboards\n\nRefer to playbooks for implementation guides, and a kit overview for more detail on components.", + "Readme": "This kit is designed to provide an out-of-the-box experience for reviewing AWS GuardDuty findings.\n\nIt provides the following utilities:\n- Queries\n- Dashboards\n\nRefer to playbooks for implementation guides, and a kit overview for more detail on components.\n\nThe Auditd Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/aws_guardduty).\n\n## Dependencies\n- Null\n\n## Changelog\n**1.0: Initial Release**\n- dashboard (2)\n- file (3)\n- license (1)\n- macro (3)\n- playbook (3)\n- searchlibrary (9)", "Version": 1, "MinVersion": { "Major": 0, @@ -14,11 +14,16 @@ "Minor": 9, "Point": 9 }, - "Icon": "302756cb-c324-4858-b092-d0c8f2d83af6", + "Icon": "ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a", "Banner": "ba4b2c14-3763-492d-9f32-cafa189bff0b", "Cover": "302756cb-c324-4858-b092-d0c8f2d83af6", "Items": [ { + "Name": "BSD 2-Clause", + "Type": 10, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, + { "Name": "GUARDDUTY_ALERT", "Type": 8, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" @@ -88,6 +93,11 @@ "Type": 7, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" }, + { + "Name": "ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a", + "Type": 7, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, { "Name": "ba4b2c14-3763-492d-9f32-cafa189bff0b", "Type": 7, diff --git a/aws_guardduty/README.md b/aws_guardduty/README.md index b50cfec9..3d24f07e 100644 
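Review bot: The Readme added in the first aws_guardduty/MANIFEST hunk names the wrong kit: `The Auditd Kit is licensed under the BSD 2-Clause license` appears in the AWS GuardDuty manifest, although its link points at `tree/main/aws_guardduty`. A license statement that names a different product leaves it unclear what the grant covers. It should read `The GuardDuty Kit is licensed under the BSD 2-Clause license`. The identical sentence is added to aws_guardduty/README.md in the next file section and needs the same change.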
--- a/aws_guardduty/README.md +++ b/aws_guardduty/README.md @@ -5,4 +5,18 @@ It provides the following utilities: - Queries - Dashboards -Refer to playbooks for implementation guides, and a kit overview for more detail on components. \ No newline at end of file +Refer to playbooks for implementation guides, and a kit overview for more detail on components. + +The Auditd Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/aws_guardduty). + +## Dependencies +- Null + +## Changelog + **1.0: Initial Release** + - dashboard (2) + - file (3) + - license (1) + - macro (3) + - playbook (3) + - searchlibrary (9) \ No newline at end of file diff --git a/aws_guardduty/banner.png b/aws_guardduty/banner.png index 698621b9..49f75c39 100644 Binary files a/aws_guardduty/banner.png and b/aws_guardduty/banner.png differ diff --git a/aws_guardduty/cover.png b/aws_guardduty/cover.png index c6239371..d184ae53 100644 Binary files a/aws_guardduty/cover.png and b/aws_guardduty/cover.png differ diff --git a/aws_guardduty/file/302756cb-c324-4858-b092-d0c8f2d83af6.contents b/aws_guardduty/file/302756cb-c324-4858-b092-d0c8f2d83af6.contents index c6239371..d184ae53 100644 Binary files a/aws_guardduty/file/302756cb-c324-4858-b092-d0c8f2d83af6.contents and b/aws_guardduty/file/302756cb-c324-4858-b092-d0c8f2d83af6.contents differ diff --git a/aws_guardduty/file/ba4b2c14-3763-492d-9f32-cafa189bff0b.contents b/aws_guardduty/file/ba4b2c14-3763-492d-9f32-cafa189bff0b.contents index 698621b9..49f75c39 100644 Binary files a/aws_guardduty/file/ba4b2c14-3763-492d-9f32-cafa189bff0b.contents and b/aws_guardduty/file/ba4b2c14-3763-492d-9f32-cafa189bff0b.contents differ 
diff --git a/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.contents b/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.contents
new file mode 100644
index 00000000..721321dc
Binary files /dev/null and b/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.contents differ
diff --git a/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.meta b/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.meta
new file mode 100644
index 00000000..49504a9c
--- /dev/null
+++ b/aws_guardduty/file/ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a.meta
@@ -0,0 +1,6 @@
+{
+ "GUID": "ea21fc3a-fdb1-4ad1-ba3a-658b18f2d41a",
+ "Name": "GuardDuty Icon",
+ "Desc": "",
+ "Labels": null
+}
\ No newline at end of file
diff --git a/aws_guardduty/license/BSD 2-Clause.meta b/aws_guardduty/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/aws_guardduty/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@ +BSD 2-Clause License + +Copyright (c) 2026, Gravwell Inc +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/barracuda/MANIFEST b/barracuda/MANIFEST index 2dc1a1ce..61390278 100644 --- a/barracuda/MANIFEST +++ b/barracuda/MANIFEST @@ -19,6 +19,10 @@ "Cover": "65c51746-4590-4451-9c8e-f0ea7275fa95", "Items": [ { + "Name": "BSD 2-Clause", + "Type": 10, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, { "Name": "barracuda-lookup-spyware_type", "Type": 1, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" diff --git a/barracuda/license/BSD 2-Clause.meta b/barracuda/license/BSD 2-Clause.meta new file mode 100644 index 00000000..c9d976c6 --- /dev/null 
+++ b/barracuda/license/BSD 2-Clause.meta @@ -0,0 +1,25 @@ +BSD 2-Clause License + +Copyright (c) 2026, Gravwell Inc +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/corelight/MANIFEST b/corelight/MANIFEST index f186b246..173138b0 100644 --- a/corelight/MANIFEST +++ b/corelight/MANIFEST @@ -6,7 +6,7 @@ "MinVersion": { "Major": 5, "Minor": 4, - "Point": 2 + "Point": 2 }, "MaxVersion": { "Major": 5, @@ -17,6 +17,11 @@ "Banner": "dcf4a811-d1a1-4db5-9399-ff3934b19e13", "Cover": "b48104e6-5206-4f0a-99ba-fb23c1534853", "Items": [ + { + "Name": "BSD 2-Clause", + "Type": 10, + "Hash": "0000000000000000000000000000000000000000000000000000000000000000" + }, { "Name": "36e50b20-9679-4285-a4a4-69da6d94de5e", "Type": 6, 
@@ -106,7 +111,7 @@ "Name": "1bc67d4c-ec04-4a94-a559-e443c7b02204", "Type": 3, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" - }, + }, { "Name": "c22c294a-2eb3-4d1b-be1a-3ea8b076e3e0", "Type": 3, diff --git a/corelight/LICENSE b/corelight/NOTICE.txt similarity index 100% rename from corelight/LICENSE rename to corelight/NOTICE.txt diff --git a/corelight/license/BSD 2-Clause.meta b/corelight/license/BSD 2-Clause.meta new file mode 100644 index 00000000..c9d976c6 --- /dev/null +++ b/corelight/license/BSD 2-Clause.meta @@ -0,0 +1,25 @@ +BSD 2-Clause License + +Copyright (c) 2026, Gravwell Inc +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file 
diff --git a/duo/LICENSE.txt b/duo/LICENSE.txt
deleted file mode 100644
index 058be92a..00000000
--- a/duo/LICENSE.txt
+++ /dev/null
@@ -1 +0,0 @@
-Duo images are wholly owned by Duo and distributed according to the [Duo Deployment Signage](https://help.duo.com/s/article/2213?language=en_US) and are **NOT** subject to any Gravwell licensing.
\ No newline at end of file
diff --git a/duo/MANIFEST b/duo/MANIFEST
index 6e9c6388..5530c66f 100644
--- a/duo/MANIFEST
+++ b/duo/MANIFEST
@@ -2,7 +2,7 @@ "ID": "io.gravwell.duo", "Name": "Duo", "Desc": "The Duo Kit provides a baseline set of tags, macros, saved queries, lookup resources, alerts, scheduled searches, flows, playbooks, actionables, dashboard searches, alert queries, and dashboards for your Duo data.", - "Readme": "***\n\nA toolkit for interacting with Duo data in Gravwell. This kit includes queries, resources (lookups), templates, autoextractors, macros, dashboards, alerts, scheduled searches, and flows to help streamline Duo analysis across Activity, Authentication, Administrator, Telephony, and Offline Enrollment log sources.\n\n***\n\n## Table of Contents\n0. [Data Ingestion](#0-data-ingestion) \n1. [Tags \u0026 Macros](#1-tags--macros) \n 1.1. [Tags](#1-1-tags) \n 1.2. [Autoextractors](#1-2-autoextractors) \n 1.3. [Macros](#1-3-macros) \n2. [Query Library](#2-query-library) \n3. [Naming Schema](#3-naming-schema) \n4. [Resources](#4-resources) \n 4.1. [Lookups](#4-1-lookups) \n5. [Alerts](#5-alerts) \n 5.1 [Dispatchers](#5-1-dispatchers) \n 5.2 [Consumers](#5-2-consumers)\n6. [Scheduled Searches](#6-scheduled-searches) \n\t6.1. [Flows](#6-1-flows)\n7. [Playbooks](#7-playbooks) \n8. [Searches](#8-searches) \n\t8.1. [Alert Queries](#8-1-alert-queries) \n9. [Templates](#9-templates) \n10. [Dashboards](#10-dashboards) \n\t10.1 [Actionables](#10-1-actionables)\n11. [Useful Resources \u0026 References](#11-useful-resources--references) \n12. [Notes](#12-notes) \n13. [Image credits](#13-image-credits) \n\n## 0. [Data Ingestion](#0-data-ingestion)\nI used the [Gravwell Fetcher] (https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/README.md) for data ingestion. 
\n\nBelow is a quick reference list of the resources used.\n- [Gravwell Fetcher](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/README.md): A powerful data fetcher ingester for Gravwell that collects data from various security and productivity services including Duo, Duo, Okta, and Asana.\n- [Example Fetcher Config](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/gravwell_fetcher.conf.example): The fetcher uses a configuration file (gravwell_fetcher.conf) to manage its settings. This is a detailed explanation of all configuration options.\n- [duo.go](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/duo.go): This file implements the Config definitions and parsing from duoConfig.go when you build Fetcher.\n- [duoConfig.go](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/duoConfig.go): This file defines the configuration data structures and parsing for the Duo integrations in Fetcher.\n\n***\n\n## 0.1 Download, Install and Configure the Gravwell Fetcher\n\n**Summary:** The Gravwell Fetcher provides a lightweight Go-based fetcher that polls external APIs (including Duo endpoints) and ingests events into Gravwell. \nThe Fetcher includes an [example configuration file] (https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/gravwell_fetcher.conf.example) which you need to copy and adapt for your environment prior to running the fetcher. See the [README] (https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/README.md) for further information. \n\n### Basic installation steps (example)\n\n1. Clone the Gravwell repo (or just the Fetcher): \n _git clone https://github.com/gravwell/gravwell.git_ \n\n2. Change directory to the Gravwell Fetcher: \n _cd gravwell/experiments/gravwell\\_fetcher_\n \n3. Build the fetcher binary (standard Go build): \n _go build -o gravwell\\_fetcher_\n \n4. 
Copy the example config to a location you will edit \n e.g. /etc/gravwell/gravwell\\_fetcher.conf or /opt/gravwell/etc/gravwell\\_fetcher.conf: \n_cp gravwell\\_fetcher.conf.example /etc/gravwell/gravwell\\_fetcher.conf_\n\n5. Edit _/etc/gravwell/gravwell\\_fetcher.conf_ and replace the Duo Domain and Token values (see example below). \n\n6. Run the fetcher (from the built binary). \n Typical invocation (binary + config file): \n _./gravwell\\_fetcher -config /etc/gravwell/gravwell\\_fetcher.conf_\n\n**Important:** the canonical example config shipped with the Gravwell Fetcher is gravwell_fetcher.conf.example — copy it and update the values.\n\n2.1 Example Gravwell Fetcher Conf (repo)\n- The repository contains _experiments/gravwell\\_fetcher/gravwell\\_fetcher.conf.example_ which is the canonical example used by this kit. Use that file as the starting point and replace the Duo Domain, Token, and any Ingester/connection settings as appropriate. \n\n2.2 Gravwell Fetcher Example Config for Duo \n\t\n```ini\n [Global] \n\tIngester-UUID=\"00000000-0000-0000-0000-0000000000\" \n\tConnection-Timeout = 0 \n\tInsecure-Skip-TLS-Verify=false \n\t#Cleartext-Backend-Target=127.0.0.1:4023 \n\t#Encrypted-Backend-Target=127.1.1.1:4024 \n\t#Pipe-Backend-Target=/opt/gravwell/comms/pipe \n\t#Ingest-Cache-Path=/opt/gravwell/cache/duo.cache \n\t#Max-Ingest-Cache=1024 \n\tLog-Level=INFO \n\tLog-File=/opt/gravwell/log/duo_fetcher.log \n \n [DuoConf \"duo-activity\"]\n StartTime=\"2025-01-01T00:00:01.000Z\"\n Domain=\"api-XXXXXXXX.duosecurity.com\"\n Key=\"REPLACE_WITH_YOUR_DUO_KEY\"\n Secret=\"REPLACE_WITH_YOUR_DUO_SECRET\"\n DuoAPI=\"activity\"\n Tag-Name=\"duo-activity\"\n \n [DuoConf \"duo-admin\"]\n StartTime=\"2025-01-01T00:00:01.000Z\"\n Domain=\"api-XXXXXXXX.duosecurity.com\"\n Key=\"REPLACE_WITH_YOUR_DUO_KEY\"\n Secret=\"REPLACE_WITH_YOUR_DUO_SECRET\"\n DuoAPI=\"admin\"\n Tag-Name=\"duo-admin\"\n\n [DuoConf \"duo-auth\"]\n StartTime=\"2025-01-01T00:00:01.000Z\"\n 
Domain=\"api-XXXXXXXX.duosecurity.com\"\n Key=\"REPLACE_WITH_YOUR_DUO_KEY\"\n Secret=\"REPLACE_WITH_YOUR_DUO_SECRET\"\n DuoAPI=\"authentication\"\n Tag-Name=\"duo-auth\" \n \n [DuoConf \"duo-offline-enrollment\"]\n StartTime=\"2025-01-01T00:00:01.000Z\"\n Domain=\"api-XXXXXXXX.duosecurity.com\"\n Key=\"REPLACE_WITH_YOUR_DUO_KEY\"\n Secret=\"REPLACE_WITH_YOUR_DUO_SECRET\"\n DuoAPI=\"offline-enrollment\"\n Tag-Name=\"duo-offline-enrollment\" \n \n [DuoConf \"duo-telephony\"]\n StartTime=\"2025-01-01T00:00:01.000Z\"\n Domain=\"api-XXXXXXXX.duosecurity.com\"\n Key=\"REPLACE_WITH_YOUR_DUO_KEY\"\n Secret=\"REPLACE_WITH_YOUR_DUO_SECRET\"\n DuoAPI=\"telephony\"\n Tag-Name=\"duo-telephony\"\n```\n\t\n***\n\n## 1. [Tags \u0026 Macros](#1-tags--macros)\n#### 1.1. [Tags](#1-1-tags)\n- Purpose: Tags are an essential Gravwell concept. Every entry has a single tag associated with it; these tags allow us to separate and categorize data at a basic level.\n- [Documentation](https://docs.gravwell.io/ingesters/ingesters.html#tags)\n- The Duo Kit for Gravwell makes use of the following tags: \n - duo-activity: Tag contains Duo Activity log data. \n - Usage: \n `tag=duo-activity`\n - duo-admin: Tag contains Duo Administrator log data. \n - Usage: \n `tag=duo-admin`\n - duo-auth: Tag contains Duo Authentication log data. \n - Usage: \n `tag=duo-auth`\n - duo-offline-enrollment: Tag contains Duo Offline Enrollment log data. \n - Usage: \n `tag=duo-offline-enrollment`\n - duo-telephony: Tag contains Duo Telephony log data. \n - Usage: \n `tag=duo-telephony` \n\n#### 1.2. [Autoextractors](#1-2-autoextractors)\n- Purpose: Auto-extractors are simply definitions that can be applied to tags and describe how to correctly extract fields from the data in a given tag. 
The “ax” module then automatically invokes the appropriate functionality of other modules.\n- [Documentation](https://docs.gravwell.io/configuration/autoextractors.html)\n- The Duo Kit for Gravwell makes use of the following autoextractors \n- Total: ***5***\n - duo-activity: Gravwell generated JSON extraction for tag duo-activity\n - duo-admin: Gravwell generated JSON extraction for tag duo-admin\n - duo-auth: Gravwell generated JSON extraction for tag duo-auth\n - duo-offline-enrollment:Gravwell generated JSON extraction for tag duo-offline-enrollment\n - duo-telephony: Gravwell generated JSON extraction for tag duo-telephony \n\n#### 1.3. [Macros](#1-3-macros)\n- Purpose: Search macros are a powerful feature that can help you use Gravwell more effectively. Macros can turn long, repetitive search queries into easily-remembered shortcuts.\n- [Documentation](https://docs.gravwell.io/search/macros.html)\n- The Duo Kit for Gravwell makes use of the following macros:\n- Total: ***31***\n - Tags\n - $DUO: Configuration Macro; Tag used for all Duo data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and templates.\n - Usage: `tag=$DUO`\n - $DUO\\_ACTIVITY: Configuration Macro; Tag used for Duo Activity data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and templates.\n - Usage: `tag=$DUO_ACTIVITY`\n - Reference(s): [Duo Activity Logs](https://duo.com/docs/adminapi#activity-logs)\n - $DUO\\_ADMIN: Configuration Macro; Tag used for Duo Admin data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and templates.\n - Usage: `tag=$DUO_ADMIN`\n - Reference(s): [Duo Administrator Logs](https://duo.com/docs/adminapi#administrator-logs)\n - $DUO\\_AUTH: Configuration Macro; Tag used for Duo Authentication data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and 
templates.\n - Usage: `tag=$DUO_AUTH`\n - Reference(s): [Duo Authentication Logs](https://duo.com/docs/adminapi#authentication-logs)\n - $DUO\\_OFF\\_ENROLL: Configuration Macro; Tag used for all Duo Offline Enrollment data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and templates.\n - Usage: `tag=$DUO_OFFLINE_ENROLLMENT`\n - Reference(s): [Duo Offline Enrollment Logs](https://duo.com/docs/adminapi#offline-enrollment-logs)\n - $DUO\\_TELEPHONY: Configuration Macro; Tag used for all Duo Telephony data; necessary for any queries within the Gravwell Duo Kit to run properly for dashboards, query library, and templates.\n - Usage: `tag=$DUO_TELEPHONY`\n - Reference(s): [Duo Telephony Logs](https://duo.com/docs/adminapi#telephony-logs)\n - EVX (Enumerated Value Extraction)\n - $DUO\\_EVX: This macro extracts all possible Enumerated Values (EVs) from all Duo Logs.\n - Usage: `tag=$DUO $DUO_EVX`\n - $DUO\\_ACTIVITY\\_EVX: This macro extracts all possible Enumerated Values (EVs) from Duo Activity Logs.\n - Usage: `tag=$DUO_ACTIVITY $DUO_ACTIVITY_EVX`\n - Reference(s): [Duo Activity Logs](https://duo.com/docs/adminapi#activity-logs)\n - $DUO\\_ADMIN\\_EVX: This macro extracts all possible Enumerated Values (EVs) from Duo Admin Logs.\n - Usage: `tag=$DUO_ADMIN $DUO_ADMIN_EVX`\n - Reference(s): [Duo Administrator Logs](https://duo.com/docs/adminapi#administrator-logs)\n - $DUO\\_AUTH\\_EVX: This macro extracts all possible Enumerated Values (EVs) from Duo Authentication Logs.\n - Usage: `tag=$DUO_AUTH $DUO_AUTH_EVX`\n - Reference(s): [Duo Authentication Logs](https://duo.com/docs/adminapi#authentication-logs)\n - $DUO\\_OFF\\_ENROLL\\_EVX: This macro extracts all possible Enumerated Values (EVs) from Duo Offline Enrollment Logs.\n - Usage: `tag=$DUO_OFF_ENROLL $DUO_OFF_ENROLL_EVX`\n - Reference(s): [Duo Offline Enrollment Logs](https://duo.com/docs/adminapi#offline-enrollment-logs)\n - $DUO\\_OFF\\_ENROLL\\_DESC\\_EVX: 
This macro extracts all possible subfield (user_agent as enrollUserAgent, hostname as enrollHost, \u0026 factor as enrollFactor) Enumerated Values (EVs) from description EV in Duo Offline Enrollment Logs. This is intended to be used only with \"ax\" extractions.\n - Usage: `tag=$DUO_OFF_ENROLL ax DUO_OFF_ENROLL_DESC_EVX`\n - Reference(s): [Duo Offline Enrollment Logs](https://duo.com/docs/adminapi#offline-enrollment-logs) \n - $DUO\\_TELEPHONY\\_EVX: This macro extracts all possible Enumerated Values (EVs) from Duo Telephony Logs.\n - Usage: `tag=$DUO_TELEPHONY $DUO_TELEPHONY_EVX`\n - Reference(s): [Duo Telephony Logs](https://duo.com/docs/adminapi#telephony-logs) \n - Normalization\n - $DUO\\_NORMALIZE\\_ACTOR: This macro normalizes actorEmail and actorName into a new EV named actor that is used to search both fields for a specific actor.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_ACTOR | grep -e actor \"*\"`\n - $DUO\\_NORMALIZE\\_EMAIL: This macro normalizes authEmail (Duo Authentication Logs), and adminEmail (Duo Admin Logs) into 1 Enumerated Value (EV) named email.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_EMAIL`\n - IMPORTANT: It must be run after $DUO, and $DUO_EVX. Please Note: It can be used in conjunction with any of the other \"NORMALIZE\" macros.\n - $DUO\\_NORMALIZE\\_EVENTTYPE: This macro normalizes event_type (Duo Authentication Logs), actionName (Duo Activity Logs), context (Duo Telephony Logs), and action (Duo Admin and Duo Offline Enrollment Logs) into 1 Enumerated Value (EV) named eventType.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_EVENTTYPE`\n - ***IMPORTANT***: It must be run after $DUO, and $DUO_EVX. 
Please Note: It can be used in conjunction with any of the other \"NORMALIZE\" macros.\n - $DUO\\_NORMALIZE\\_OUTCOME: This macro normalizes authResult (Duo Authentication Logs), activityResult (Duo Activity Logs), adminAction (Duo Admin Logs), context (Duo Telephony Logs), and action (Duo Offline Enrollment Logs) into 1 Enumerated Value (EV) named outcome.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_OUTCOME`\n - IMPORTANT: It must be run after $DUO, and $DUO_EVX. Please Note: It can be used in conjunction with any of the other \"NORMALIZE\" macros.\n - $DUO\\_NORMALIZE\\_SRC\\_IP: This macro normalizes accessIP/authIP (Duo Authentication Logs), activityIP (Duo Activity Logs), and adminIP (Duo Admin) into 1 Enumerated Value (EV) named src_ip.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_SRC_IP`\n - ***IMPORTANT***: It must be run after $DUO, and $DUO_EVX. Please Note: It can be used in conjunction with any of the other \"NORMALIZE\" macros.\n - $DUO\\_NORMALIZE\\_TARGET: This macro normalizes targetEmail and targetName into a new EV named target that is used to search both fields for a specific target.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_TARGET | grep -e target \"*\"`\n - $DUO\\_NORMALIZE\\_TXID: This macro normalizes txid (Duo Authentication Logs), activity_id (Duo Activity Logs), actor (Duo Admin Logs), and txid (Duo Telephony and Duo Offline Enrollment Logs) into 1 Enumerated Value (EV) named transactionId.\n - Usage: `tag=$DUO $DUO_EVX $DUO_NORMALIZE_ACTOR $DUO_NORMALIZE_TXID`\n - IMPORTANT: It must be run after $DUO, and $DUO_EVX. Please Note: It can be used in conjunction with any of the other \"NORMALIZE\" macros.\n - Alert Components\n - Alert Base\n - $DUO\\_ALERT\\_BASE: This is the base of which all alerts are built upon. This is necessary for the rest of the actual alerting logic to occur due to the Enumerated Value Extraction (EVX), EV enrichment and normalization performed by the dependencies listed below. 
Dependencies: $DUO\\_EVX; $DUO\\_ALERT\\_ENRICH.\n - $DUO\\_ALERT\\_ENRICH: This is a dependency as a part of the $DUO_ALERT_BASE which all alerts are built upon. This is necessary for the rest of the actual alerting logic to occur due to the Enumerated Value enrichment and normalization performed by the macro. Dependencies: Resource Lookups: duo\\_eventTypes, duo\\_privileged\\_actor, duo\\_protected\\_target.\n - Risk\n - $DUO\\_RISK\\_SCORE: This rule dynamically calculates an Duo risk score based on event type, category, subcategory, modifications, and outcome for modification event types. This is a dependency as a part of the $DUO_MOD_ALERT which all modification event type alerts are built upon. It calculates a risk score based on the event type, category, and subcategory with bumps for outcome, modification event types, privileged \u0026 protected users then dumps it into a priority bucket.\n - Tuning\n - $DUO\\_TUNE\\_IP: Provides tuning for IP addresses (actor/target) using duo\\_ip\\_allowlist and duo\\_ip\\_denylist.\n - $DUO\\_TUNE\\_USER: Provides tuning for users (actor/target) using duo\\_user\\_allowlist and duo\\_user\\_denylist.\n - Reporting \u0026 Searching\n - $DUO\\_ALERT\\_RECIPIENT: Configuration Macro: This is the address to which Duo Alert Flows will be sent to. Email Server Settings must be configured under Account \u003e Email Server \u003e Email Server Settings in order for your alerts to function properly.\n - $DUO\\_ALERT\\_SENDER: Configuration Macro: This is the address to which Duo Alert Flows will be sent from. 
Email Server Settings must be configured under Account \u003e Email Server \u003e Email Server Settings in order for your alerts to function properly.\n - $GRAVWELL\\_INSTANCE: Configuration Macro; Necessary for url links within emails generated by alerts \u0026 flows within the Duo Kit to run properly.; https://\u003cchange\\_me\\_to\\_your\\_specific\\_url\u003e:\u003cchange\\_to\\_your\\_specific\\_port\u003e\n - $DUO\\_ALERT\\_META: This macro standardizes output for Duo Alerts that are being alerted upon. It dynamically changes values in the \\_alert\\_title based on the core of the query. \n - $DUO\\_ALERT\\_TABLE: This macro standardizes output for Duo Alerts that are being alerted upon. It dynamically changes values in the \\_alert\\_title based on the core of the query. \n - Alert Queries \u0026 Scheduled Searches\n - $DUO\\_MOD\\_ALERT: Detects modification alerts that are configured within the duo\\_eventTypes lookup resource.\n \n***\n\n## 2. [Query Library](#2-query-library)\n- Purpose: Queries within the Query Library drive [dashboards](#10-dashboards) via [searches](#8-searches), [scheduled searches](#6-scheduled-searches) via [alert queries](#8-1-alert-queries), and [playbooks](#7-playbooks).\n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n\t- Updating a query in the library updates dependent dashboards and scheduled searches automatically.\n\t- Total queries: ***19***\n - [Alert Queries](#8-1-alert-queries): ***1***\n - [Searches](#8-searches): ***18***\n\n***\n\n## 3. [Naming Schema](#3-naming-schema)\n- Purpose: The use of a standard naming convention enables users to quickly understand the function, severity, and context of a query or component. 
This approach facilitates efficient identification, reuse, and troubleshooting without ambiguity.\n- _QueryType - Company - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - Name [Visualization - **if any**]_\n- Examples:\n - Dashboards: _Dashboard - Duo - System - Overview_\n - Templates: _Template - Duo - System - Event Types - Category [chart]_\n - Searches: _Search - Duo - Activity - User Country [numbercard]_\n - Alerts: _Alert - Duo - System - Event Types - High - Modification Alerts [EMAIL]_\n\n***\n\n## 4. [Resources](#4-resources)\n- Purpose: Resources allow users to store persistent data for use in searches.\n- [Documentation](https://docs.gravwell.io/resources/resources.html)\n\n#### 4.1 [Lookups](#4-1-lookups)\n- Purpose: Lookup Resources are used by the lookup module to perform data enrichment and translation off of a static lookup table stored in a resource.\n- [Documentation](https://docs.gravwell.io/search/lookup/lookup.html)\n- Total: ***11***\n - duo\\_activity\\_evx\\_enrichment\n - This is intended to be used as a lookup file providing additional information regarding Duo Activity event types.\n - Fields: category, subcategory, ev, preEVX, description, value, value_description\n - Usage: `dump -r duo_activity_evx_enrichment | table`\n - duo\\_admin\\_evx\\_enrichment\n - This is intended to be used as a lookup file providing additional information regarding Duo Admin event types.\n - Fields: category, subcategory, ev, preEVX, description, value, value_description\n - Usage: `dump -r duo_admin_evx_enrichment | table`\n - duo\\_auth\\_evx\\_enrichment\n - This is intended to be used as a lookup file providing additional information regarding Duo Authentication event types.\n - Fields: category, subcategory, ev, preEVX, description, value, value_description\n - Usage: `dump -r duo_auth_evx_enrichment | table`\n - duo\\_eventType\\_risk\n - This is intended to be used as a lookup file providing additional information regarding Duo 
event types. It is used within the Duo Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n - Fields: tag, log\\_source, category, subcategory, preEVX, evx, value, description, is\\_mod, risk\\_score, \\_priority\n - Usage: `dump -r duo_eventType_risk | table`\n - duo\\_eventTypes\n - This is intended to be used as a lookup file providing additional information regarding Duo event types. It is used within the Duo Kit for dashboards, macros, scheduled searches, alerts, flows, and templates.\n - Fields: tag, log\\_source, category, subcategory, preEVX, evx, value, description, is\\_mod\n - Usage: `dump -r duo_eventTypes | table`\n - duo\\_ip\\_allowlist\n - Provides a tuning control to suppress alerts from known-good source IPs (resolved from clientIp, else requestIp), per alert or globally, with optional expiry.\n - Fields: key, enabled, until\\_ymd, reason, owner\n - Key format: \u003cip\u003e|\u003calert_name_or_*\u003e\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n - duo\\_ip\\_denylist\n - Provides a tuning control to force-include or escalate alerts for watchlisted source IPs, optionally only when risk_score \u003e= min_risk, per alert or globally.\n - Fields: key, enabled, min\\_risk, reason, owner\n - Key format: \u003cip\u003e|\u003calert_name_or_*\u003e\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n - duo\\_privileged\\_actor\n - Provides a tuning opportunity for monitoring High Privileged Actor Accounts and weigh their severity/priority differently compared to an end user without system, domain, root, etc. 
permissions within the environment.\n - Fields: account, actor\\_weight, actor\\_label, notes\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n - duo\\_protected\\_target\n - Provides a tuning opportunity for monitoring High Privileged Target Accounts and weigh their severity/priority differently compared to an end user without system, domain, root, etc. permissions within the environment.\n - Fields: account, target\\_weight, target\\_label, notes\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n - duo\\_user\\_allowlist\n - Provides a tuning control to suppress known-benign alerts for specific users (actor or target), either for a single alert name or globally, with optional expiry.\n - Fields: key, enabled, until_ymd, reason, owner\n - Key format: \u003cnormalized_user\u003e|\u003calert_name_or_*\u003e\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n - duo\\_user\\_denylist\n - Provides a tuning control to force-include or escalate alerts for specific users, optionally only when risk_score \u003e= min_risk, per alert or globally.\n - Fields: key, enabled, min_risk, reason, owner\n - Key format: \u003cnormalized_user\u003e|\u003calert_name_or_*\u003e\n - Usage: `$DUO_ALERT_BASE $DUO_RISK_SCORE $DUO_TUNE_IP $DUO_TUNE_USER $DUO_ALERT_META $DUO_ALERT_TABLE`\n\n***\n\n## 5. 
[Alerts](#5-alerts)\n- Purpose: Alerts notify you of potential nefarious actions that took place within and/or against your environment by tying dispatchers and consumers together.\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#alerts)\n- Total: ***3***\n - Alert - Duo - System - Event Types - Modification Alerts [EMAIL]\n - Alert - Duo - System - Event Types - Modification Alerts [Jira Service Management]\n - Alert - Duo - System - Event Types - Modification Alerts [Jira Platform]\n- Naming Schema: _Alert - Duo - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - AlertName_\n\n#### 5.1 [Dispatchers](#5-1-dispatchers)\n- Purpose: Dispatchers generate events. A typical dispatcher would be a scheduled search that runs on an interval; every result returned by a scheduled search is considered an event.\n - Dispatchers = [Scheduled Searches](#6-scheduled-searches)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)\n\n#### 5.2 [Consumers](#5-2-consumers)\n- Purpose: Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. Each consumer runs once per event.\n - Consumers = [Flows](#6-1-flows)\n- [Documentation](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)\n\n***\n\n## 6. [Scheduled Searches](#6-scheduled-searches)\n- Purpose: Scheduled Searches are typically dependent on “AlertQuery - Duo - …” queries within the [Query Library](#2-query-library).\n- [Documentation](https://docs.gravwell.io/scripting/scheduledsearch.html)\n- Total: ***1***\n - ScheduledSearch - Duo - System - Event Types - Modification Alerts: Detects modification alerts that are configured within the duo\\_eventTypes lookup resource. \n- Naming Schema: _ScheduledSearch - Duo - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - ScheduledSearchName_\n - Cron schedule: 30 * * * *\n\n#### 6.1. 
[Flows](#6-1-flows)\n- Purpose: Flows provide a no-code method for developing advanced automations in Gravwell.\n- [Documentation](https://docs.gravwell.io/flows/flows.html)\n- Total: ***3***\n - Flow - Duo - System - Event Types - Modification Alerts [EMAIL]: This Flow is intended as a template to send Duo Modification Alerts from $DUO\\_ALERT\\_SENDER to $DUO\\_ALERT\\_RECIPIENT.\n - Flow - Duo - System - Event Types - Modification Alerts [Jira Service Management]: This Flow is intended as a template to send Duo Modification Alerts over to your instance of Jira Service Management (JSM).\n - Flow - Duo - System - Event Types - Modification Alerts [Jira Platform]: This Flow is intended as a template to send Duo Modification Alerts over to your specified project on Jira Platform.\n***\n\n## 7. [Playbooks](#7-playbooks)\n- Purpose: Playbooks are hypertext documents within Gravwell which help guide users through common tasks, describe functionality, and record information about data in the system.\n- [Documentation](https://docs.gravwell.io/gui/playbooks/playbooks.html)\n- Total: ***1***\n - Duo Kit for Gravwell - README\n- Naming Schema: _Playbook - Duo - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - PlaybookName_\n\n***\n\n## 8. 
[Searches](#8-searches)\n- Purpose: These queries within the Query Library drive [dashboards](#10-dashboards) to quickly view Duo data in an easily digestible format.\n- [Documentation](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n- Total: ***18***\n\t- Search - Duo - Activity - User City [chart]: Displays a chart of the user's City by count.\n\t- Search - Duo - Activity - User City [numbercard]: Displays a numbercard of the user's City by count.\n - Search - Duo - Activity - User City [table]: Displays a table of the user's City by count.\n\t- Search - Duo - Activity - User Country [chart]: Displays a chart of the user's Country by count.\n\t- Search - Duo - Activity - User Country [numbercard]: Displays a numbercard of the user's Country by count.\n - Search - Duo - Activity - User Country [table]: Displays a table of the user's Country by count.\n\t- Search - Duo - Activity - User State [chart]: Displays a chart of the user's State by count.\n\t- Search - Duo - Activity - User State [numbercard]: Displays a numbercard of the user's State by count.\n - Search - Duo - Activity - User State [table]: Displays a table of the user's State by count.\n\t- Search - Duo - System - Event Types - Count by Category [chart]: Detects a chart of event types by category. \n\t- Search - Duo - System - Event Types - Count by Category [table]: Detects a table of event types by category. \n\t- Search - Duo - System - Event Types - Count by Category, Subcategory [chart]: Detects a chart of event types by category, and subcategory. \n\t- Search - Duo - System - Event Types - Count by Category, Subcategory [table]: Detects a table of event types by category, and subcategory. \n\t- Search - Duo - System - Event Types - Count by Category, Subcategory, Event Type [chart]: Detects a chart of event types by category, subcategory, and event type. 
\n\t- Search - Duo - System - Event Types - Count by Category, Subcategory, Event Type [table]: Detects a table of event types by category, subcategory, and event type. \n\t- Search - Duo - System - Event Types - Count by Tag [chart]: This will display the amount of events consumed by Duo Tag in a pie chart over the specified timeframe. \n\t- Search - Duo - System - Event Types - Count by Tag [table]: This will display the amount of events consumed by Duo Tag in a table over the specified timeframe. \n - Search - Duo - System - Event Types - Modification Alerts by Priority [numbercard]: Displays a numbercard of by Priority (_alert_priority).\n- Naming Schema: _Search - Duo - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - SearchName [Visualization - **if any**]_\n\n#### 8.1. [Alert Queries](#8-1-alert-queries)\n- Alert Queries feed [Scheduled Searches](#6-scheduled-searches)\n- IMPORTANT: If you need to update or tune, this is where you perform that action.\n- Total: ***1***\n - AlertQuery - Duo - System - Event Types - Modification Alerts: Detects modification alerts that are configured within the duo\\_eventTypes lookup resource. \n- Naming Schema: _AlertQuery - Duo - Category/Logtype - Subcategory/Log Subtype - Severity/Priority - AlertName_\n\n***\n\n## 9. 
[Templates](#9-templates)\n- Purpose: Templates are special objects which define a Gravwell query containing variables.\n- [Documentation](https://docs.gravwell.io/gui/templates/templates.html)\n- Total: ***14***\n\t- Template - Duo - MFA - Activity - User Activity [table]: This displays a table of all User Activity for the specified User, IP Address, and Location.\n\t- Template - Duo - MFA - Administrator - Admin Actions [table]: This displays a table o all Administrator Actions for the specified User, and IP Address.\n\t- Template - Duo - MFA - Authentication - User Auth [table]: This displays a table of all User Authentications for the specified User, IP Address, and Location.\n\t- Template - Duo - MFA - Offline Enrollment - Enrollment Actions [table]: This displays a table of all Enrollment Actions for the specified User.\n\t- Template - Duo - System - Event Types - Category [chart]: Detects a chart of event types by category. \n\t- Template - Duo - System - Event Types - Category [table]: Detects a table of event types by category. \n\t- Template - Duo - System - Event Types - Category, Subcategory [chart]: Detects a chart of event types by category, and subcategory. \n\t- Template - Duo - System - Event Types - Category, Subcategory [table]: Detects a table of event types by category, and subcategory. \n\t- Template - Duo - System - Event Types - Category, Subcategory, Event Type [chart]: Detects a chart of event types by category, subcategory, and event type. \n\t- Template - Duo - System - Event Types - Category, Subcategory, Event Type [table]: Detects a table of event types by category, subcategory, and event type. 
\n\t- Template - Duo - System - Event Types - Modification Alerts by Location [numbercard]: Displays a numbercard by Location (src_ip).\n\t- Template - Duo - System - Event Types - Modification Alerts by Priority [numbercard]: Displays a numbercard of by Priority (_alert_priority).\n\t- Template - Duo - System - Event Types - Modification Alerts by Source IP Address [numbercard]: Displays a numbercard by Source IP Address (src_ip).\n\t- Template - Duo - System - Event Types - Modification Alerts by User [numbercard]: Displays a numbercard by username (actor/actorName/target/targetName/oldTargetName).\n\n***\n\n## 10. [Dashboards](#10-dashboards)\n- Purpose: Dashboards are Gravwell’s way of showing the results from multiple searches at the same time.\n- [Documentation](https://docs.gravwell.io/gui/dashboards/dashboards.html)\n- Total: ***4***\n\t- Duo User Location Overview: This Dashboard is a general overview of your Duo User Location data.\n\t- Duo General Overview: This Dashboard is a general overview of your Duo Category, Subcategory, and Event Type data.\n\t- Duo Investigation: This Dashboard is intended to be used for Duo investigations.\n\t- Duo Category Overview: This Dashboard is a general overview of your Duo Category, Subcategory, and Event Type data based on the inputted variable.\n\n#### 10.1 [Actionables](#10-1-actionables)\n- Purpose: Actionables provide a way to create custom menus that key on any text rendered in a query; users can take different actions on that text by selecting options in the menus.\n- [Documentation](https://docs.gravwell.io/gui/actionables/actionables.html)\n- Total: ***3***\n - Duo Target: Duo Actions on Target to Launch Duo Investigation Dashboard.\n - Duo Actor: Duo Actions on Actor to Launch Duo Investigation Dashboard.\n - Duo IP: Duo Actions on IP Addresses to Launch Duo Investigation Dashboard.\n\n***\n\n## 11. 
[Useful Resources \u0026 References](#11-useful-resources--references)\n- Gravwell\n\t- [Gravwell Fetcher](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/README.md)\n\t- [Example Fetcher Config](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/gravwell_fetcher.conf.example)\n\t- [duo.go](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/duo.go)\n\t- [duoConfig.go](https://github.com/gravwell/gravwell/blob/main/experiments/gravwell_fetcher/duoConfig.go)\n\t- [Tags](https://docs.gravwell.io/ingesters/ingesters.html#tags)\n\t- [Autoextractors](https://docs.gravwell.io/configuration/autoextractors.html)\n\t- [Macros](https://docs.gravwell.io/search/macros.html)\n\t- [Query Library](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n\t- [Resources](https://docs.gravwell.io/resources/resources.html)\n\t- [Lookups](https://docs.gravwell.io/search/lookup/lookup.html)\n\t- [Alerts](https://docs.gravwell.io/alerts/alerts.html#alerts)\n\t- [Dispatchers](https://docs.gravwell.io/alerts/alerts.html#adding-dispatchers)\n\t- [Consumers](https://docs.gravwell.io/alerts/alerts.html#defining-a-consumer)\n\t- [Scheduled Searches](https://docs.gravwell.io/scripting/scheduledsearch.html)\n\t- [Flows](https://docs.gravwell.io/flows/flows.html)\n\t- [Playbooks](https://docs.gravwell.io/gui/playbooks/playbooks.html)\n\t- [Searches](https://docs.gravwell.io/gui/querylibrary/querylibrary.html)\n\t- [Templates](https://docs.gravwell.io/gui/templates/templates.html)\n\t- [Dashboards](https://docs.gravwell.io/gui/dashboards/dashboards.html)\n\t- [Actionables](https://docs.gravwell.io/gui/actionables/actionables.html)\n- Duo\n - [Duo Admin API](https://duo.com/docs/adminapi)\n - [Activity Logs](https://duo.com/docs/adminapi#activity-logs)\n - [Administrator Logs](https://duo.com/docs/adminapi#administrator-logs)\n - [Authentication Logs](https://duo.com/docs/adminapi#authentication-logs)\n - [Offline 
Enrollment Logs](https://duo.com/docs/adminapi#offline-enrollment-logs)\n - [Telephony Logs](https://duo.com/docs/adminapi#telephony-logs)\n\n***\n\n## 12. [Notes](#12-notes)\n\n***\n\n## 13. [Image credits](#13-image-credits)\n- [Duo](https://help.duo.com/s/article/2213?language=en_US)\n- Duo images are wholly owned by Duo and distributed according to the [Duo Deployment Signage](https://help.duo.com/s/article/2213?language=en_US) and are **NOT** subject to any Gravwell licensing.\n\n***",
+ "Readme": "This kit is designed to provide an out-of-the-box experience for working with Duo logs.\n\nIt provides the following utilities:\n- Baseline set of tags\n- Autoextractors\n- Macros\n- Queries\n- Lookup resources\n- Alerts\n- Scheduled searches\n- Flows\n- Actionables\n- Dashboards\n\nThe Duo Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/duo).\n\n## Dependencies\n- Null\n\n## Changelog\n**1.0: Initial Release**\n- actionables (3)\n- alert (3)\n- autoextractor (5)\n- dashboard (4)\n- file (3)\n- license (1)\n- macro (31)\n- playbook (1)\n- resource (11)\n- scheduled (4)\n - scheduled searches (1)\n - flows (3)\n- searchlibrary (19)\n - alert queries (1)\n - dashboard searches (18)\n- template (14)",
 "Version": 1,
 "MinVersion": {
 "Major": 0,
@@ -19,7 +19,7 @@
 "Cover": "403ab14e-f9b1-44af-ae2f-595d7379f967",
 "Items": [
 {
- "Name": "Apache 2.0 License",
+ "Name": "BSD 2-Clause",
 "Type": 10,
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
diff --git a/duo/README.md b/duo/README.md
index 64f21e79..fb5cc547 100644
--- a/duo/README.md
+++ b/duo/README.md
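Review bot: In the duo/MANIFEST `Items` hunk (`@@ -19,7 +19,7 @@`) the license item is renamed to `BSD 2-Clause` while its `Hash` stays at the all-zero value, so the manifest entry carries nothing that ties it to the new license text. If that field is meant to hold a content digest and is not filled in when the kit is packed (the packing step is not visible here), it should be regenerated together with the rename, e.g. `"Hash": "<digest of the BSD 2-Clause item, placeholder>"`. The same commit deletes `duo/license/Apache 2.0 License.meta`; a license file whose name matches the new item should be added alongside, and that addition is not in this part of the diff. The `Items` array continues outside the hunk.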
@@ -1,27 +1,37 @@ -# Duo Kit +This kit is designed to provide an out-of-the-box experience for working with Duo logs. -The Duo Kit provides a baseline set of tags, autoextractors, macros, saved queries, lookup resources, alerts, scheduled searches, flows, playbooks, actionables, dashboard searches, alert queries, and dashboards for your Duo data. +It provides the following utilities: +- Baseline set of tags +- Autoextractors +- Macros +- Queries +- Lookup resources +- Alerts +- Scheduled searches +- Flows +- Actionables +- Dashboards -The Duo Kit is licensed under the Apache 2.0 license and the contents are available on [Duo](https://github.com/gravwell/kits/tree/main/duo). +The Duo Kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/duo). ## Dependencies -- N/A +- Null ## Changelog -- 1.0: Initial Release - - actionables 03 - - alert 03 - - autoextractor 05 - - dashboard 04 - - file 03 - - license 01 - - macro 31 - - playbook 01 - - resource 11 - - scheduled 04 - - scheduled searches 01 - - flows 03 - - searchlibrary 19 - - alert queries 01 - - dashboard searches 18 - - template 14 \ No newline at end of file + **1.0: Initial Release** + - actionables (3) + - alert (3) + - autoextractor (5) + - dashboard (4) + - file (3) + - license (1) + - macro (31) + - playbook (1) + - resource (11) + - scheduled (4) + - scheduled searches (1) + - flows (3) + - searchlibrary (19) + - alert queries (1) + - dashboard searches (18) + - template (14) \ No newline at end of file diff --git a/duo/banner.png b/duo/banner.png new file mode 100644 index 00000000..965bceca Binary files /dev/null and b/duo/banner.png differ diff --git a/duo/cover.png b/duo/cover.png new file mode 100644 index 00000000..f02094c7 Binary files /dev/null and b/duo/cover.png differ 
diff --git a/duo/duo-banner.png b/duo/duo-banner.png
deleted file mode 100644
index e9d3b59d..00000000
Binary files a/duo/duo-banner.png and /dev/null differ
diff --git a/duo/duo-cover.png b/duo/duo-cover.png
deleted file mode 100644
index e9d3b59d..00000000
Binary files a/duo/duo-cover.png and /dev/null differ
diff --git a/duo/duo-logo.png b/duo/duo-logo.png
deleted file mode 100644
index e9d3b59d..00000000
Binary files a/duo/duo-logo.png and /dev/null differ
diff --git a/duo/duo.metadata b/duo/duo.metadata
index 52354741..7841a73e 100644
--- a/duo/duo.metadata
+++ b/duo/duo.metadata
@@ -9,13 +9,13 @@
 "Assets": [
 {
 "Type": "image",
- "Source": "duo-cover.png",
+ "Source": "cover.png",
 "Legend": "Duo Cover",
 "Featured": true
 },
 {
 "Type": "image",
- "Source": "duo-banner.png",
+ "Source": "banner.png",
 "Legend": "Duo Banner",
 "Featured": true,
 "Banner": true
@@ -30,12 +30,12 @@
 {
 "context": "cover",
 "type": "image",
- "file": "duo-cover.jpg"
+ "file": "cover.png"
 },
 {
 "context": "banner",
 "type": "image",
- "file": "duo-banner.jpg"
+ "file": "banner.png"
 }
 ],
 "readme": "README.md"
diff --git a/duo/file/403ab14e-f9b1-44af-ae2f-595d7379f967.contents b/duo/file/403ab14e-f9b1-44af-ae2f-595d7379f967.contents
index e9d3b59d..f02094c7 100644
Binary files a/duo/file/403ab14e-f9b1-44af-ae2f-595d7379f967.contents and b/duo/file/403ab14e-f9b1-44af-ae2f-595d7379f967.contents differ
diff --git a/duo/file/5637d8b1-015b-44c8-b06f-5e44057437dd.contents b/duo/file/5637d8b1-015b-44c8-b06f-5e44057437dd.contents
index e9d3b59d..403c4dbe 100644
Binary files a/duo/file/5637d8b1-015b-44c8-b06f-5e44057437dd.contents and b/duo/file/5637d8b1-015b-44c8-b06f-5e44057437dd.contents differ
diff --git a/duo/file/ea112e34-14c6-4277-8840-1833edd95272.contents b/duo/file/ea112e34-14c6-4277-8840-1833edd95272.contents
index e9d3b59d..965bceca 100644
Binary files a/duo/file/ea112e34-14c6-4277-8840-1833edd95272.contents and b/duo/file/ea112e34-14c6-4277-8840-1833edd95272.contents differ
diff --git a/duo/license/Apache 2.0 License.meta b/duo/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/duo/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/duo/license/BSD 2-Clause.meta b/duo/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/duo/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/fortinet/MANIFEST b/fortinet/MANIFEST
index b0378c29..acd70f4b 100644
--- a/fortinet/MANIFEST
+++ b/fortinet/MANIFEST
@@ -19,7 +19,7 @@
 "Cover": "049ad467-f7f2-475e-8975-f89a14fdeba8",
 "Items": [
 {
- "Name": "Apache 2.0 License",
+ "Name": "BSD 2-Clause",
 "Type": 10,
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
diff --git a/fortinet/LICENSE.txt b/fortinet/NOTICE.txt
similarity index 100%
rename from fortinet/LICENSE.txt
rename to fortinet/NOTICE.txt
diff --git a/fortinet/license/Apache 2.0 License.meta b/fortinet/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/fortinet/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/fortinet/license/BSD 2-Clause.meta b/fortinet/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/fortinet/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/github/MANIFEST b/github/MANIFEST
index db567261..b76091db 100644
--- a/github/MANIFEST
+++ b/github/MANIFEST
@@ -2,7 +2,7 @@ "ID": "io.gravwell.github", "Name": "GitHub", "Desc": "The GitHub Kit by Gravwell provides a baseline set of queries, alerts, scheduled searches, and dashboards for your GitHub data. ", - "Readme": "# Gravwell GitHub Kit\n\nA comprehensive toolkit for interacting with GitHub data in Gravwell. This kit includes dashboards, query libraries, resources, templates, and alerts to help streamline GitHub data analysis.\n\n***\n\n# Table of Contents\n\n1. [Introduction](#introduction)\n2. [Tags & Macros](#tags¯os)\n3. [Query Library](#query-library)\n4. [Dashboards](#dashboards) \n\t4.1 [GitHub Overview](#github-overview) \n\t4.2 [GitHub Pull Requests](#github-pull-requests) \n\t4.3 [GitHub User/Actor Investigation](#github-user-investigation) \n\t4.4 [GitHub IP Address Investigation](#github-actor-investigation) \n5. [Resources](#resources) \n\t5.1 [github\\_audit\\_events](#github\\_audit\\_events) \n\t5.2 [github\\_cidr](#github\\_cidr) \n\t5.3 [github\\_domains](#github\\_domains) \n\t5.4 [Example Queries Using Resources](#example-queries-using-resources) \n\t6. [Templates](#templates) \n7. [Alerts, Searches, and Scheduled Searches](#alerts-searches-and-scheduled-searches) \n8. [Image Credits](#image-credits) \n\n***\n\n## 1. Introduction\n\nThe Gravwell GitHub Kit provides a set of tools and pre-built resources to analyze GitHub activity efficiently. Use it for monitoring pull requests, investigating users and actors, and correlating GitHub data with IPs or domains.\n\n***\n\n## 2. 
Tags & Macros\n\nThe Gravwell GitHub Kit makes use of the following tags:\n- github: used to tag general GitHub data & events\n- github-audit: used to tag GitHub audit events\n\nThe Gravwell GitHub Kit makes use of the following macros:\n- $GITHUB: Necessary for any queries within the Gravwell GitHub Kit to run properly; github\n\t- Usage: tag=$GITHUB\n\t- **Important:** If your \"Tag-Name\" is different than what is in the Macro, **NONE** of the Queries, Scheduled Searches, Alerts, Flows, or Dashboards will work! \n\t\t- This is configured during kit installation, and can be changed later on in the Macros section within Gravwell.\n- $GITHUB\\_AUDIT: Necessary for any queries within the Gravwell GitHub Kit to run properly; github-audit\n\t- Usage: tag=$GITHUB_AUDIT\n\t- **Important:** If your \"Tag-Name\" is different than what is in the Macro, **NONE** of the Queries, Scheduled Searches, Alerts, Flows, or Dashboards will work! \n\t\t- This is configured during kit installation, and can be changed later on in the Macros section within Gravwell.\n- $GITHUB\\_ALERT\\_META: This macro standardizes output for GitHub queries that are being alerted upon.\n\t- Usage $GITHUB\\_ALERT\\_META(priority[string], message[string]) \n\t\t- i.e. $GITHUB\\_ALERT\\_META(\"Medium\", \"GitHub Account Changed\")\n- $GITHUB\\_ALERT\\_RECIPIENT: This is the address to which GitHub Alert Flows will be sent to.\n\t- Replace \"replace\\_me@with\\_valid\\_recipient.address\"\n- $GITHUB\\_ALERT\\_SENDER: This is the address to which GitHub Alert Flows will be sent from.\n\t- Replace \"replace\\_me@with\\_valid\\_sender.address\"\n\n***\n\n## 3. Query Library\n\nWe\u2019ve created several baseline queries to interact with your GitHub data. These queries serve as a foundation for custom analysis and can be adapted to your specific needs.\n\n***\n\n## 4. 
Dashboards\n\nThe kit includes a variety of dashboards designed to provide insights into GitHub activity:\n\n#### 4.1 GitHub Overview\n- A general overview of your GitHub data, summarizing key metrics.\n#### 4.2 GitHub Pull Requests\n- Provides an overview of all Pull Requests across repositories, including their status and activity trends.\n#### 4.3 GitHub User/Actor Investigation\n- Intended for investigating specific GitHub users/actors, including their activity and interactions.\n\t- Actor is the user who performed the action.\n\t- User is the user who had the action performed against their account. \n#### 4.4 GitHub IP Investigation\n- Used for investigating specific IP addresses, including their activity and interactions.\n\n***\n\n## 5. Resources\n\nThese lookup files enhance queries and dashboards by providing contextual information about GitHub activity.\n\n#### 5.1 github\\_audit\\_events\n- A lookup file for GitHub Audit Event information. \n\t- **Fieldnames:** category, name, description\n#### 5.2 github\\_cidr\n- A CIDR lookup file for mapping IP addresses in queries. \n\t- **Fieldnames:** company, category, CIDR\n#### 5.3 github\\_domains\n- A lookup file for GitHub domains and their associated categories. \n\t- **Fieldnames:** company, category, domain\n#### 5.4 Example Queries Using Resources\n### Example 1: Pull Requests with IP Lookup\n```query\n\ttag=$GITHUB_AUDIT json action~\"pull_request.create\" repo SRC\n\t| alias SRC src_ip\n\t| iplookup -r github_cidr -e src_ip CIDR category\n\t| table\n```\n\n### Example 2: Pull Requests with Audit Event and IP Lookup\n```query\n\ttag=$GITHUB_AUDIT json action~\"pull_request.create\" repo SRC\n\t| alias SRC src_ip\n\t| lookup -r github_audit_events action name (category as ip_category name description)\n\t| iplookup -r github_cidr -e src_ip CIDR category as action_category\n\t| table repo src_ip ip_category CIDR action action_category description\n```\n\n***\n\n## 6. 
Templates\n\nThis section contains templates used in the Investigation Dashboards for streamlined analysis and reporting.\n\n***\n\n## 7. Alerts, Flows, Searches, and Scheduled Searches\n\nNaming conventions for alerts, flows, searches, and scheduled searches help maintain consistency:\n- **Naming Schema:** _QueryType - Company - Category - Severity - Name - [Visualization if any]_\n\n#### Examples\n- **Alert:** _Alert - GitHub - Category - Severity - Alertname_\n\t- _Example:_ Alert - GitHub - Account - Medium - Plan Changed\n- **Flows:** _AlertFlow - GitHub - Category - Severity - Alertname_\n\t- _Example:_ AlertFlow - GitHub - Account - Medium - Plan Changed\n- **Search:** _Search - GitHub - Category - Searchname [Visual Output Type]_\n\t- _Example:_ Search - GitHub - Code Scan - New Alerts [numbercard]\n- **ScheduledSearch:** _ScheduledSearch - GitHub - Category - Searchname_\n\t- _Example:_ ScheduledSearch - GitHub - Code Scan - New Alerts\n\n#### Alerts\n- [Alerts] (https://docs.gravwell.io/alerts/alerts.html) are a Gravwell feature which allow the user to tie sources of intelligence (such as periodic scheduled searches) to actions (such as a flow that files a ticket). The Alerts within this kit are already setup with Dispatchers, Validation, and Consumers. \n- Some basic terminology:\n\t- Events are the actual bits of actionable information, for instance \u201cA user signed in from outside the US\u201d.\n\t- Dispatchers generate events. A typical dispatcher would be a scheduled search that runs every hour looking for \u201cbad\u201d activity; every result returned by a scheduled search is considered an event.\n\t- Consumers process and respond to events. A typical consumer would be a flow that sends an email to an administrator, or opens a ticket in the ticketing system. 
Each consumer runs once per event.\n\t- Alerts tie dispatchers to consumers, ensuring that when a dispatcher generates an event, all associated consumers are executed to process it.\n- Alert Flow\n\t- Dispatchers > Validation > Consumers\n\t- Scheduled Search > Common\\_Field\\_in\\_log > Flows\n\t- ScheduledSearch > repo > AlertFlow\n\t- ScheduledSearch - GitHub - Category - Severity/Priority - ScheduledSearch\\_Name > repo > AlertFlow - GitHub - Category - - Severity/Priority - AlertFlow\\_Name\n\n**Important:** If you change a Scheduled Search, you will effectively change the Alert, and the Flow.\n\n- All Scheduled Searches, Alerts, & Flows are disabled by default, so you will need to do a couple of things in order to begin receiving any Alerts via Flows emailed to you. \n1. Macros\n\t1.1 $GITHUB\\_ALERT\\_SENDER: This is the address to which GitHub Alert Flows will be sent from.\n\t\t- Update \"replace\\_me@with\\_valid\\_sender.address\" to a valid email address you want to be the sender for GitHub Alerts\n\t1.2 $GITHUB\\_ALERT\\_RECIPIENT: This is the address to which GitHub Alert Flows will be sent to.\n\t\t- Update \"replace\\_me@with\\_valid\\_recipient.address\" to a valid email address you want to be the recipient for GitHub Alerts\n2. Scheduled Searches\n\t- You will need to enable each Scheduled Search that you want to to run.\n3. Alerts\n\t- You will need to enable each Alert that you want to to run.\n4. Flows\n\t- You will need to enable each Flow that you want to to run.\n\t- Cron Schedule\n\t\t- High: 3 \\* \\* \\* \\*\n\t\t- Medium: 15 \\*/2 \\* \\* \\*\n\t\t- Low: 27 \\*/4 \\* \\* \\*\n\n***\n\n## 8. 
Image Credits\n\n- **Icon:** [UXWing](https://uxwing.com/github-icon/) \n- **Cover:** [Unsplash](https://unsplash.com/photos/a-white-dice-with-a-black-github-logo-on-it-HLQDfaJUTVI) \n- **Banner:** [Unsplash](https://unsplash.com/photos/black-flat-screen-computer-monitor-turned-on-near-blue-and-white-sky-SrewPUfo2c0)", + "Readme": "This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks for Github logs.\n\nThe GitHub kit is licensed is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/github).\n\n## Dependencies\n- Null\n\n## Changelog\n**1.0: Initial Release**\n- actionables (3)\n- autoextractor (2)\n- alert (67)\n- dashboard (4)\n- file (6)\n- license (1)\n- macro (6)\n- playbook (3)\n- resource (4)\n- scheduled (134)\n - scheduled searches (67)\n - flows (67)\n- searchlibrary (111)\n - alert queries (67)\n - dashboard searches (44)\n- template (31)", "Version": 1, "MinVersion": { "Major": 0, @@ -19,7 +19,7 @@ "Cover": "67b0bb3c-7d13-4ad0-a0dc-a4741c0796c2", "Items": [ { - "Name": "Apache 2.0 License", + "Name": "BSD 2-Clause", "Type": 10, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" }, diff --git a/github/README.md b/github/README.md index 502dcb55..70e1f41c 100644 --- a/github/README.md +++ b/github/README.md 
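Review bot: The new `Readme` value in the first hunk of github/MANIFEST repeats a phrase ("The GitHub kit is licensed is licensed under the BSD 2-Clause license"), and the same sentence is added to github/README.md in the next file; both should read `The GitHub kit is licensed under the BSD 2-Clause license`. The text it replaces told operators that all Scheduled Searches, Alerts and Flows are disabled by default and that `$GITHUB_ALERT_SENDER` and `$GITHUB_ALERT_RECIPIENT` hold placeholder addresses until changed. The new text mentions neither, so if that default still applies, someone installing the kit could assume its 67 alerts are active when they are not. I would keep one short section, for example `## Enabling alerts`, stating that they ship disabled and which macros must be set. The new text also mixes "Github" and "GitHub"; the product name is "GitHub".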
@@ -1,48 +1,25 @@ - -# GitHub Kit +This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks for Github logs. -This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks. - -The GitHub kit is licensed under the Apache 2.0 license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/github). +The GitHub kit is licensed is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/github). ## Dependencies - Null ## Changelog -- 1.0: Initial Release - - actionables 03 - - autoextractor 02 - - alert 67 - - dashboard 04 - - file 06 - - license 01 - - macro 06 - - playbook 67 - - resource 04 - - scheduled 134 - - scheduled searches 67 - - flows 67 - - searchlibrary 111 - - alert queries 67 - - dashboard searches 44 - - template 31 - -- 2.0: Initial Release - - actionables 03 - - autoextractor 02 - - alert 67 - - dashboard 04 - - file 06 - - license 01 - - macro 06 - - playbook 04 - - resource 04 - - scheduled 68 - - scheduled searches 67 - - flows 1 - - searchlibrary 111 - - alert queries 67 - - dashboard searches 44 - - template 31 - - \ No newline at end of file +**1.0: Initial Release** + - actionables (3) + - autoextractor (2) + - alert (67) + - dashboard (4) + - file (6) + - license (1) + - macro (6) + - playbook (3) + - resource (4) + - scheduled (134) + - scheduled searches (67) + - flows (67) + - searchlibrary (111) + - alert queries (67) + - dashboard searches (44) + - template (31) diff --git a/github/banner.png b/github/banner.png new file mode 100644 index 00000000..cfbee32a Binary files /dev/null and b/github/banner.png differ diff --git a/github/cover.png b/github/cover.png new file mode 100644 index 00000000..f3e2bd56 Binary files /dev/null and b/github/cover.png differ 
diff --git a/github/file/0b8d6b52-7d44-4cf8-9800-7e2f2535264e.contents b/github/file/0b8d6b52-7d44-4cf8-9800-7e2f2535264e.contents
index defbe058..cfbee32a 100644
Binary files a/github/file/0b8d6b52-7d44-4cf8-9800-7e2f2535264e.contents and b/github/file/0b8d6b52-7d44-4cf8-9800-7e2f2535264e.contents differ
diff --git a/github/file/67b0bb3c-7d13-4ad0-a0dc-a4741c0796c2.contents b/github/file/67b0bb3c-7d13-4ad0-a0dc-a4741c0796c2.contents
index 5a7fdfcf..f3e2bd56 100644
Binary files a/github/file/67b0bb3c-7d13-4ad0-a0dc-a4741c0796c2.contents and b/github/file/67b0bb3c-7d13-4ad0-a0dc-a4741c0796c2.contents differ
diff --git a/github/file/e726df9a-d43c-4031-a5dc-cc4f40739961.contents b/github/file/e726df9a-d43c-4031-a5dc-cc4f40739961.contents
index 24b5504f..e9464f58 100644
Binary files a/github/file/e726df9a-d43c-4031-a5dc-cc4f40739961.contents and b/github/file/e726df9a-d43c-4031-a5dc-cc4f40739961.contents differ
diff --git a/github/github-banner.png b/github/github-banner.png
deleted file mode 100644
index aa773820..00000000
Binary files a/github/github-banner.png and /dev/null differ
diff --git a/github/github-cover.png b/github/github-cover.png
deleted file mode 100644
index 1572c86f..00000000
Binary files a/github/github-cover.png and /dev/null differ
diff --git a/github/github.metadata b/github/github.metadata
index adedbd01..e0c6f6cd 100644
--- a/github/github.metadata
+++ b/github/github.metadata
@@ -1,8 +1,8 @@
 {
 "Tags": ["github", "github-audit"],
 "Assets": [
- { "Type": "image", "Source": "github-cover.png", "Legend": "GitHub Cover", "Featured": true},
- { "Type": "image", "Source": "github-banner.png", "Legend": "GitHub Banner", "Featured": true, "Banner": true},
+ { "Type": "image", "Source": "cover.png", "Legend": "GitHub Cover", "Featured": true},
+ { "Type": "image", "Source": "banner.png", "Legend": "GitHub Banner", "Featured": true, "Banner": true},
 { "Type": "readme", "Source": "README.md"}
 ]
 }
\ No newline at end of file
diff --git a/github/license/Apache 2.0 License.meta b/github/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/github/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/github/license/BSD 2-Clause.meta b/github/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/github/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/gravwell/MANIFEST b/gravwell/MANIFEST
index 37caabab..eccf9a00 100644
--- a/gravwell/MANIFEST
+++ b/gravwell/MANIFEST
@@ -18,6 +18,11 @@
 "Banner": "09411e91-71cc-43c3-b4c7-5c8a2dc05180",
 "Cover": "97e7479d-d284-4efb-afe4-f30848f6f851",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "05653c81-39af-4f60-8417-78ff25de6a4a",
 "Type": 9,
diff --git a/gravwell/license/BSD 2-Clause.meta b/gravwell/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/gravwell/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/grok/MANIFEST b/grok/MANIFEST
index e262a43b..06a0a517 100644
--- a/grok/MANIFEST
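Review bot: In gravwell/MANIFEST the license entry added to `Items` is committed with an all-zero `Hash`, so the manifest as written carries no digest for `license/BSD 2-Clause.meta`. If the kit packaging step recomputes item hashes at build time this is only a placeholder, and a sentence saying so in the repository documentation would keep a reader from taking it for a verified value; if it does not, the entry should carry the real digest, e.g. `"Hash": "<digest of license/BSD 2-Clause.meta>"` (placeholder, not a computed value). The same all-zero entry is added in the grok, ipfix, linux_syslog and netflowv5 manifests and kept in the juniper one. The `Items` array continues outside the hunk.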
+++ b/grok/MANIFEST
@@ -17,6 +17,11 @@
 "Banner": "a00a50f4-e7e2-4875-8631-f81bae9e8d3e",
 "Cover": "a00a50f4-e7e2-4875-8631-f81bae9e8d3e",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "grok",
 "Type": 1,
diff --git a/grok/license/BSD 2-Clause.meta b/grok/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/grok/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/ipfix/MANIFEST b/ipfix/MANIFEST
index 8ccf56a2..40bba1f5 100644
--- a/ipfix/MANIFEST
+++ b/ipfix/MANIFEST
@@ -17,6 +17,11 @@
 "Banner": "e874b41e-8fc5-408e-ae91-591af5d988ba",
 "Cover": "e874b41e-8fc5-408e-ae91-591af5d988ba",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "1551412e-c773-4bc2-8134-695b8d928adb",
 "Type": 6,
diff --git a/ipfix/license/BSD 2-Clause.meta b/ipfix/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/ipfix/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/juniper/MANIFEST b/juniper/MANIFEST
index caadc64a..0f8ccd34 100644
--- a/juniper/MANIFEST
+++ b/juniper/MANIFEST
@@ -19,9 +19,9 @@
 "Cover": "b56a0767-8259-4591-ba1d-ad56f51bd06a",
 "Items": [
 {
- "Name": "Apache 2.0 License",
- "Type": 10,
- "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
 {
 "Name": "juniper_severity",
diff --git a/juniper/license/Apache 2.0 License.meta b/juniper/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/juniper/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS \ No newline at end of file diff --git a/juniper/license/BSD 2-Clause.meta b/juniper/license/BSD 2-Clause.meta new file mode 100644 index 00000000..c9d976c6 --- /dev/null +++ b/juniper/license/BSD 2-Clause.meta @@ -0,0 +1,25 @@ +BSD 2-Clause License + +Copyright (c) 2026, Gravwell Inc +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/linux_syslog/MANIFEST b/linux_syslog/MANIFEST index 22d7ee06..e04b42a0 100644 --- a/linux_syslog/MANIFEST +++ b/linux_syslog/MANIFEST 
@@ -18,6 +18,11 @@
 "Banner": "72ed6d4b-1260-4098-956f-8f59c272464b",
 "Cover": "5551e4f6-f167-4487-83de-83692468c6ba",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "265182135221759",
 "Type": 3,
diff --git a/linux_syslog/license/BSD 2-Clause.meta b/linux_syslog/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/linux_syslog/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/netflowv5/MANIFEST b/netflowv5/MANIFEST
index 8123c295..96ac62f8 100644
--- a/netflowv5/MANIFEST
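Review bot: The item added to `Items` in linux_syslog/MANIFEST carries an all-zero `Hash`, so the manifest as committed does not tie the name `BSD 2-Clause` to the content of `license/BSD 2-Clause.meta`. If the zero value is a placeholder that the kit packaging step overwrites, that step is not visible in this diff and is worth confirming for the new item; otherwise the entry should carry the real digest, e.g. `"Hash": "<digest of license/BSD 2-Clause.meta>"`. The same applies to the identical additions in netflowv5/MANIFEST, o365/MANIFEST and paloalto/MANIFEST, and to the renamed entries in the okta, pfSense and pihole manifests. None of these manifest sections has a hunk touching `Version`, so installed copies may not pick up the license change if updates are keyed on that field.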
+++ b/netflowv5/MANIFEST
@@ -17,6 +17,11 @@
 "Banner": "48c6b0ef-6e76-4208-bca7-0b95e4700bdd",
 "Cover": "48c6b0ef-6e76-4208-bca7-0b95e4700bdd",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "068864a8-a365-43dd-af12-efd940270e25",
 "Type": 11,
diff --git a/netflowv5/license/BSD 2-Clause.meta b/netflowv5/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/netflowv5/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/o365/MANIFEST b/o365/MANIFEST
index 55a4f82d..1df2656b 100644
--- a/o365/MANIFEST
+++ b/o365/MANIFEST
@@ -24,6 +24,11 @@
 }
 ],
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "0642db70-5022-4f7d-8aab-56d1d18150d2",
 "Type": 7,
diff --git a/o365/license/BSD 2-Clause.meta b/o365/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/o365/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/okta/MANIFEST b/okta/MANIFEST
index 1093db57..f434139e 100644
--- a/okta/MANIFEST
+++ b/okta/MANIFEST
@@ -22,7 +22,7 @@ "Items": [ { - "Name": "Apache 2.0 License", + "Name": "BSD 2-Clause", "Type": 10, "Hash": "0000000000000000000000000000000000000000000000000000000000000000" }, diff --git a/okta/license/Apache 2.0 License.meta b/okta/license/Apache 2.0 License.meta deleted file mode 100644 index 2bb9ad24..00000000 --- a/okta/license/Apache 2.0 License.meta +++ /dev/null 
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/okta/license/BSD 2-Clause.meta b/okta/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/okta/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/paloalto/MANIFEST b/paloalto/MANIFEST
index 892fd793..1cc3a0ae 100644
--- a/paloalto/MANIFEST
+++ b/paloalto/MANIFEST
@@ -18,6 +18,11 @@
 "Banner": "ac8d907f-c540-4237-8327-1ad55c173b6e",
 "Cover": "1f8f6d4b-0ff4-4764-a053-50cf8c876cc7",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "excluded_url_categories",
 "Type": 1,
diff --git a/paloalto/license/BSD 2-Clause.meta b/paloalto/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/paloalto/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/pfSense/MANIFEST b/pfSense/MANIFEST
index 36b2958b..e2215d85 100644
--- a/pfSense/MANIFEST
+++ b/pfSense/MANIFEST
@@ -19,7 +19,7 @@
 "Cover": "ef9d1582-dac5-434d-8063-918f41169902",
 "Items": [
 {
- "Name": "Apache 2.0 License",
+ "Name": "BSD 2-Clause",
 "Type": 10,
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
diff --git a/pfSense/license/Apache 2.0 License.meta b/pfSense/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/pfSense/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/pfSense/license/BSD 2-Clause.meta b/pfSense/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/pfSense/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/pihole/MANIFEST b/pihole/MANIFEST
index 57764c43..669830d1 100644
--- a/pihole/MANIFEST
+++ b/pihole/MANIFEST
@@ -19,7 +19,7 @@
 "Cover": "987688bb-b613-4044-9adb-8c429e1ac086",
 "Items": [
 {
- "Name": "Apache 2.0 License",
+ "Name": "BSD 2-Clause",
 "Type": 10,
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
diff --git a/pihole/license/Apache 2.0 License.meta b/pihole/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/pihole/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/pihole/license/BSD 2-Clause.meta b/pihole/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/pihole/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/syslog/MANIFEST b/syslog/MANIFEST
index 9147056d..002876f5 100644
--- a/syslog/MANIFEST
+++ b/syslog/MANIFEST
@@ -17,6 +17,11 @@
 "Banner": "64cc610a-2a92-4a3c-a363-efcfa67e7d2a",
 "Cover": "f9a79ae0-3820-4683-a819-2d48d8b50002",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "syslog_facility",
 "Type": 1,
diff --git a/syslog/license/BSD 2-Clause.meta b/syslog/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/syslog/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/sysmon/MANIFEST b/sysmon/MANIFEST
index 3e21b6c5..ce4940a5 100644
--- a/sysmon/MANIFEST
+++ b/sysmon/MANIFEST
@@ -18,6 +18,11 @@
 "Banner": "d329d4fb-1392-4c96-a9a1-5cf75be39436",
 "Cover": "cee6ccc0-dd78-4b4c-bb5d-207bf78977a5",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "sysmon_event_ids",
 "Type": 1,
diff --git a/sysmon/license/BSD 2-Clause.meta b/sysmon/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/sysmon/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/thinkst-canary/MANIFEST b/thinkst-canary/MANIFEST
index 7c932527..4f2ce803 100644
--- a/thinkst-canary/MANIFEST
+++ b/thinkst-canary/MANIFEST
@@ -2,7 +2,8 @@
 "ID": "io.gravwell.thinkstcanary",
 "Name": "Thinkst Canary",
 "Desc": "This kit is designed to provide an out-of-the-box experience for working with Thinkst Canary logs. \n\nIt provides the following utilities:\n- Autoextractors\n- Alerts\n- Dashboards\n- Image Files\n- Macros\n- Playbooks\n- Resources\n- Scheduled Searches\n- Flows\n- Saved Queries\n- Templates",
- "Version": 2,
+ "Readme":"This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks for Thinkst Canary.\n\nThe Thinkst Canary kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/thinkst-canary).\n\n## Dependencies\nGravwell Network Enrichment Kit\n- The Maxmind Database is required for the Location queries, scheduled searches, and alerts.\n\n## Changelog\n**1.0: Initial Release**\n- autoextractors (2)\n- alert (59)\n- dashboard (5)\n- file (3)\n- license (1)\n- macro (13)\n- playbook (5)\n- resource (4)\n- scheduled (61)\n - scheduled searches (59)\n - flows (2)\n- searchlibrary (133)\n - alert queries (59)\n - dashboard searches (74)\n- template (1)",
+ "Version": 1,
 "MinVersion": {
 "Major": 0,
 "Minor": 0,
@@ -1128,7 +1129,7 @@
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
 {
- "Name": "Apache 2.0 License",
+ "Name": "BSD 2-Clause",
 "Type": 10,
 "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
 },
diff --git a/thinkst-canary/README.md b/thinkst-canary/README.md
index 7706c3f5..a77a87de 100644
--- a/thinkst-canary/README.md
+++ b/thinkst-canary/README.md
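Review bot: `"Version"` goes down from 2 to 1 in the first hunk of thinkst-canary/MANIFEST while the kit `ID` stays `io.gravwell.thinkstcanary`, so an instance that already installed version 2 would see this build as older. If the installer orders kit builds by this field (not visible in the diff), the refreshed alerts and the license swap in the second hunk may never be offered as an update. Unless the reset is deliberate and the earlier build is withdrawn, keep the number increasing, for example `"Version": 3,`. The added line `"Readme":"This kit…` also omits the space after the colon that the other keys in this file use.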
@@ -1,45 +1,25 @@ -# Thinkst Canary Kit +This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks for Thinkst Canary. -This kit provides ready-to-roll dashboards, queries, alerts, flows, templates, and playbooks. - -The Thinkst Canary kit is licensed under the Apache 2.0 license and the contents are available on [Thinkst Canary](https://github.com/gravwell/kits/tree/main/thinkst-canary). +The Thinkst Canary kit is licensed under the BSD 2-Clause license and the contents are available on [Github](https://github.com/gravwell/kits/tree/main/thinkst-canary). ## Dependencies Gravwell Network Enrichment Kit - The Maxmind Database is required for the Location queries, scheduled searches, and alerts. ## Changelog -- 1.0: Initial Release - - actionables 000 - - alert 059 - - dashboard 005 - - file 003 - - license 001 - - macro 013 - - playbook 059 - - resource 006 - - scheduled 118 - - scheduled searches 059 - - flows 059 - - searchlibrary 133 - - alert queries 059 - - dashboard searches 074 - - template 001 - -- 2.0: Removed All Customized Playbooks & Placeholders & Linked Queries; Added Autoextractors - - actionables 000 - - autoextractors 002 - - alert 059 - - dashboard 005 - - file 003 - - license 001 - - macro 013 - - playbook 005 - - resource 004 - - scheduled 061 - - scheduled searches 059 - - flows 002 - - searchlibrary 133 - - alert queries 059 - - dashboard searches 074 - - template 001 \ No newline at end of file +**1.0: Initial Release** + - autoextractors (2) + - alert (59) + - dashboard (5) + - file (3) + - license (1) + - macro (13) + - playbook (5) + - resource (4) + - scheduled (61) + - scheduled searches (59) + - flows (2) + - searchlibrary (133) + - alert queries (59) + - dashboard searches (74) + - template (1) \ No newline at end of file diff --git a/thinkst-canary/banner.png b/thinkst-canary/banner.png new file mode 100644 index 00000000..b0688175 Binary files /dev/null and b/thinkst-canary/banner.png differ 
diff --git a/thinkst-canary/canary-banner.png b/thinkst-canary/canary-banner.png
deleted file mode 100644
index d5051cd4..00000000
Binary files a/thinkst-canary/canary-banner.png and /dev/null differ
diff --git a/thinkst-canary/canary-cover.png b/thinkst-canary/canary-cover.png
deleted file mode 100644
index d5051cd4..00000000
Binary files a/thinkst-canary/canary-cover.png and /dev/null differ
diff --git a/thinkst-canary/cover.png b/thinkst-canary/cover.png
new file mode 100644
index 00000000..4a746b37
Binary files /dev/null and b/thinkst-canary/cover.png differ
diff --git a/thinkst-canary/file/9748c321-8de9-4bbf-a2a7-1c953ae3616b.contents b/thinkst-canary/file/9748c321-8de9-4bbf-a2a7-1c953ae3616b.contents
index d5051cd4..b0688175 100644
Binary files a/thinkst-canary/file/9748c321-8de9-4bbf-a2a7-1c953ae3616b.contents and b/thinkst-canary/file/9748c321-8de9-4bbf-a2a7-1c953ae3616b.contents differ
diff --git a/thinkst-canary/file/d5a9f0c9-eeda-43aa-a3e2-dc6a0653a4ad.contents b/thinkst-canary/file/d5a9f0c9-eeda-43aa-a3e2-dc6a0653a4ad.contents
index 0fbf6b15..ca4f3a94 100644
Binary files a/thinkst-canary/file/d5a9f0c9-eeda-43aa-a3e2-dc6a0653a4ad.contents and b/thinkst-canary/file/d5a9f0c9-eeda-43aa-a3e2-dc6a0653a4ad.contents differ
diff --git a/thinkst-canary/file/dabb0326-42dc-42b3-9763-7d147d477c7a.contents b/thinkst-canary/file/dabb0326-42dc-42b3-9763-7d147d477c7a.contents
index d5051cd4..4a746b37 100644
Binary files a/thinkst-canary/file/dabb0326-42dc-42b3-9763-7d147d477c7a.contents and b/thinkst-canary/file/dabb0326-42dc-42b3-9763-7d147d477c7a.contents differ
diff --git a/thinkst-canary/license/Apache 2.0 License.meta b/thinkst-canary/license/Apache 2.0 License.meta
deleted file mode 100644
index 2bb9ad24..00000000
--- a/thinkst-canary/license/Apache 2.0 License.meta
+++ /dev/null
@@ -1,176 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
-
- END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/thinkst-canary/license/BSD 2-Clause.meta b/thinkst-canary/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/thinkst-canary/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/thinkst-canary/thinkstcanary.metadata b/thinkst-canary/thinkstcanary.metadata
index 0d0dcb44..d6e43afd 100644
--- a/thinkst-canary/thinkstcanary.metadata
+++ b/thinkst-canary/thinkstcanary.metadata
@@ -1,8 +1,8 @@
 {
 "Tags": ["thinkst-audit", "thinkst-incident"],
 "Assets": [
- { "Type": "image", "Source": "canary-cover.png", "Legend": "Thinkst Canary Cover", "Featured": true},
- { "Type": "image", "Source": "canary-banner.png", "Legend": "Thinkst Canary Banner", "Featured": true, "Banner": true},
+ { "Type": "image", "Source": "cover.png", "Legend": "Thinkst Canary Cover", "Featured": true},
+ { "Type": "image", "Source": "banner.png", "Legend": "Thinkst Canary Banner", "Featured": true, "Banner": true},
 { "Type": "readme", "Source": "README.md"}
 ]
 }
diff --git a/windows/MANIFEST b/windows/MANIFEST
index 466a6a64..21d8878e 100644
--- a/windows/MANIFEST
+++ b/windows/MANIFEST
@@ -18,6 +18,11 @@
 "Banner": "044e554a-4cc4-49fc-9942-07e9ca778edd",
 "Cover": "3add526e-3523-445d-bbfc-050c06546d81",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "windows_event_level_criticality",
 "Type": 1,
diff --git a/windows/license/BSD 2-Clause.meta b/windows/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/windows/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/windows_resource/MANIFEST b/windows_resource/MANIFEST
index 96e38ac5..4d9e28ed 100644
--- a/windows_resource/MANIFEST
+++ b/windows_resource/MANIFEST
@@ -18,6 +18,11 @@
 "Banner": "80c345f2-d99b-489b-b1fb-2ceaf757338d",
 "Cover": "80c345f2-d99b-489b-b1fb-2ceaf757338d",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "windows_security_ids",
 "Type": 1,
diff --git a/windows_resource/license/BSD 2-Clause.meta b/windows_resource/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/windows_resource/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/zeek/MANIFEST b/zeek/MANIFEST
index 6581f9c8..64573751 100644
--- a/zeek/MANIFEST
+++ b/zeek/MANIFEST
@@ -17,6 +17,11 @@
 "Banner": "",
 "Cover": "",
 "Items": [
+ {
+ "Name": "BSD 2-Clause",
+ "Type": 10,
+ "Hash": "0000000000000000000000000000000000000000000000000000000000000000"
+ },
 {
 "Name": "0173803d-2953-469f-ba26-f73fa1b89d49",
 "Type": 6,
diff --git a/zeek/license/BSD 2-Clause.meta b/zeek/license/BSD 2-Clause.meta
new file mode 100644
index 00000000..c9d976c6
--- /dev/null
+++ b/zeek/license/BSD 2-Clause.meta
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) 2026, Gravwell Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file