diff --git a/tests/system/fim/common_tasks/create_files.yml b/tests/system/fim/common_tasks/create_files.yml
index e69de29bb2..8a9982db82 100644
--- a/tests/system/fim/common_tasks/create_files.yml
+++ b/tests/system/fim/common_tasks/create_files.yml
@@ -0,0 +1,42 @@
+---
+- block:
+  - name: Run script generate_files.py on agents | Linux
+    script: "generate_files.py -c {{ files_config_linux_destination_path }} -o {{ files_generated_output_path }}"
+    args:
+      executable: "python3"
+      chdir: "{{ agents_linux_output_path }}"
+
+  - name: Copy list of created files from Agents to Ansible Controller host | Linux
+    fetch:
+      src: "{{ agents_linux_output_path }}/{{ files_generated_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_generated_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  become: yes
+  when:
+    - inventory_hostname in groups['linuxagents']
+
+
+- block:
+  - name: Run script generate_files.py on agents | Windows
+    script: "generate_files.py -c {{ files_config_windows_destination_path }} -o {{ files_generated_output_path }}"
+    args:
+      executable: "python"
+      chdir: "{{ agents_windows_output_path }}"
+
+  - name: Copy list of created files from Windows Agents to Ansible Controller host | Windows
+    fetch:
+      src: "{{ agents_windows_output_path }}/{{ files_generated_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_generated_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  when:
+  - inventory_hostname in groups['windowsagents']
+
+- name: Copy the output files from Ansible Controller to the Managers
+  become: true
+  synchronize:
+    src: "agents_outputs/added/"
+    dest: "{{ agents_results_manager_path }}/{{ event }}/"
+  when:
+    - inventory_hostname in groups['masters']
diff --git a/tests/system/fim/common_tasks/delete_files.py b/tests/system/fim/common_tasks/delete_files.py
index 94067e1666..180ecfda3f 100644
--- a/tests/system/fim/common_tasks/delete_files.py
+++ b/tests/system/fim/common_tasks/delete_files.py
@@ -15,14 +15,18 @@
 
 def delete_files(input_file_path, n, output_file_path):
     """
-    Delete files, given a file with complete list of files where each line 
+    Delete files, given a file with complete list of files where each line
     represents a file path, we will randomly delete n files of them.
 
     :param str input_file_path: path of the input file which contains the list of files.
     :param int n: number of file to delete.
     :return: Returns a file with the list of the deleted files.
     """
-    logger = logging.getLogger()
+    log_filename = 'delete_files.log'
+    logging.basicConfig(
+        filename=log_filename,
+        level=logging.DEBUG,
+    )
     data = []
     # Read data into the variable 'data'
     try:
@@ -31,22 +35,21 @@ def delete_files(input_file_path, n, output_file_path):
                 data_ = f.readlines()
             # remove whitespace characters like `\n` at the end of each line
             data = [x.strip() for x in data_]
-            f.close() # close f
-    except Exception as e:
-        logger.error('Failed when reading the input file: ', exc_info=True)
+            f.close()  # close f
+    except Exception:
+        logging.error('Failed when reading the input file: ', exc_info=True)
 
-
-    if n is not None: # Randomly select n paths from data
-        to_delete = random.sample(data,n)
-    else: # Delete all files
+    if n is not None:  # Randomly select n paths from data
+        to_delete = random.sample(data, n)
+    else:  # Delete all files
         to_delete = data
 
     # Delete the selected files
     try:
         for path in to_delete:
             os.remove(path)
-    except Exception as e:
-        logger.error('Failed when deleting the selected files: ', exc_info=True)
+    except Exception:
+        logging.error('Failed when deleting the selected files: ', exc_info=True)
 
     # Write the list of the deleted files into output_file_path
     try:
@@ -54,8 +57,9 @@ def delete_files(input_file_path, n, output_file_path):
             for item in to_delete:
                 f.write("%s\n" % item)
         f.close()
-    except Exception as e:
-        logger.error('Failed when writing to the output file: ', exc_info=True)
+    except Exception:
+        logging.error('Failed when writing to the output file: ', exc_info=True)
+
 
 def main():
     parser = argparse.ArgumentParser()
@@ -72,5 +76,6 @@ def main():
 
     delete_files(args.input_file, args.n_files, args.output_file)
 
+
 if __name__ == '__main__':
-    main()
\ No newline at end of file
+    main()
diff --git a/tests/system/fim/common_tasks/delete_files.yml b/tests/system/fim/common_tasks/delete_files.yml
new file mode 100644
index 0000000000..1fb422ac4d
--- /dev/null
+++ b/tests/system/fim/common_tasks/delete_files.yml
@@ -0,0 +1,43 @@
+---
+- block:
+  - name: "Delete FIM test files at Wazuh Agents | Linux"
+    script: "delete_files.py -i {{ files_generated_output_path }} -o {{ files_deleted_output_path }}"
+    args:
+      executable: "python3"
+      chdir: "{{ agents_linux_output_path }}"
+
+  - name: Copy list of deleted files from Agents to Ansible Controller host | Linux
+    fetch:
+      src: "{{ agents_linux_output_path }}/{{ files_deleted_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_deleted_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  become: yes
+  when:
+    - inventory_hostname in groups['linuxagents']
+
+
+- block:
+  - name: "Delete FIM test files at Wazuh Agents | Windows"
+    script: "delete_files.py -i {{ files_generated_output_path }} -o {{ files_deleted_output_path }}"
+    args:
+      executable: "python"
+      chdir: "{{ agents_windows_output_path }}"
+
+  - name: Copy list of deleted files from Windows Agents to Ansible Controller host
+    fetch:
+      src: "{{ agents_windows_output_path }}/{{ files_deleted_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_deleted_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  when:
+    - inventory_hostname in groups['windowsagents']
+
+
+- name: Copy the output files from Ansible Controller to the Managers
+  become: true
+  synchronize:
+    src: "agents_outputs/added/"
+    dest: "{{ agents_results_manager_path }}/{{ event }}/"
+  when:
+    - inventory_hostname in groups['masters']
diff --git a/tests/system/fim/common_tasks/files_configuration.json b/tests/system/fim/common_tasks/files_configuration.json
deleted file mode 100644
index 4ecf00126c..0000000000
--- a/tests/system/fim/common_tasks/files_configuration.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-    "root_folder": "/opt/testing/",
-    "recursion_level": 3,
-    "folder_length": 5,
-    "file_length": 5,
-    "file_size_specifications":[
-        { "size": 10240, "amount": 10000},
-        { "size": 524288, "amount": 500},
-        { "size": 1048576, "amount": 1000},
-        { "size": 10485760, "amount": 10},
-        { "size": 1073741824, "amount": 1}
-    ]
-}
diff --git a/tests/system/fim/common_tasks/files_configuration.json.j2 b/tests/system/fim/common_tasks/files_configuration.json.j2
new file mode 100644
index 0000000000..d91e600601
--- /dev/null
+++ b/tests/system/fim/common_tasks/files_configuration.json.j2
@@ -0,0 +1,12 @@
+{
+    "root_folder": "{{ agents_fim_testing_path }}",
+    "recursion_level": 3,
+    "folder_length": 5,
+    "file_length": 5,
+    "file_size_specifications":[
+        { "size": 10240, "amount": 4000},
+        { "size": 524288, "amount": 500},
+        { "size": 1048576, "amount": 500},
+        { "size": 10485760, "amount": 10}
+    ]
+}
diff --git a/tests/system/fim/common_tasks/files_generator.py b/tests/system/fim/common_tasks/generate_files.py
similarity index 93%
rename from tests/system/fim/common_tasks/files_generator.py
rename to tests/system/fim/common_tasks/generate_files.py
index 598e7912f3..796fd4ee3d 100644
--- a/tests/system/fim/common_tasks/files_generator.py
+++ b/tests/system/fim/common_tasks/generate_files.py
@@ -12,6 +12,7 @@
 import json
 import random
 import string
+import secrets
 import argparse
 
 
@@ -118,7 +119,13 @@ def create_files(files_path):
     """
     for key, value in files_path.items():
         with open(key, "wb") as f:
-            f.write(b'0'*value)
+            if value > 1048576:
+                nval = value // 1048576
+                for val in range(nval):
+                    f.write(b'0' * 1048576)
+            else:
+                f.write(b'0' * value)
+            f.write(secrets.token_bytes(32))
 
 
 def create_file_summary(files_path, logfile):
@@ -132,7 +139,7 @@ def create_file_summary(files_path, logfile):
         os.remove(logfile)
     with open(logfile, 'w') as f:
         for path in files_path:
-            f.write(path+'\n')
+            f.write(path + '\n')
 
 
 def main():
@@ -146,10 +153,10 @@ def main():
     output_file = args.output_list
     config = parse_files_configuration(config_file)
     folders = generate_folders_paths(
-                                        config["root_folder"],
-                                        config["recursion_level"],
-                                        config["folder_length"]
-                                    )
+        config["root_folder"],
+        config["recursion_level"],
+        config["folder_length"]
+    )
     create_folders(folders)
     n_files = sum(x['amount'] for x in config['file_size_specifications'])
     files = generate_files_paths(folders, n_files, config["file_length"])
diff --git a/tests/system/fim/common_tasks/files_modify.py b/tests/system/fim/common_tasks/modify_files.py
similarity index 55%
rename from tests/system/fim/common_tasks/files_modify.py
rename to tests/system/fim/common_tasks/modify_files.py
index 9ee5c736dd..e7d1482a5d 100644
--- a/tests/system/fim/common_tasks/files_modify.py
+++ b/tests/system/fim/common_tasks/modify_files.py
@@ -12,6 +12,8 @@
 import sys
 import random
 import platform
+import argparse
+import logging
 if platform.system() == 'Linux':
     import pwd
     import grp
@@ -51,7 +53,7 @@ def modify_file(filepath, owner, group, mode):
         'uid': uid,
         'gid': gid,
         'mode': oct(mode).split('o')[1].zfill(3)  # convert to octal string
-        }
+    }
 
 
 def modify_file_content(filepath):
@@ -60,22 +62,63 @@ def modify_file_content(filepath):
 
         :param str filepath: The path of the file to modify
     """
-    content = 'qazxswedcvbnmklpoiuytggdfert'*random.randint(1, 10)
+    content = 'qazxswedcvbnmklpoiuytggdfert' * random.randint(1, 10)
     content += str(random.random())
+    if not os.path.exists(filepath):
+        raise FileNotFoundError
     with open(filepath, 'ab') as f:
         f.write(bytes(content, 'utf8'))
 
 
+def log_modified_files(files_path, logfile):
+    """
+    Creates a file that summarizes all the modified files
+
+    :param dict files_path: Contains the list of modified files
+    :param str logfile: File to write the list of paths
+    """
+    if os.path.exists(logfile):
+        os.remove(logfile)
+    with open(logfile, 'w') as f:
+        for path in files_path:
+            f.write(path + '\n')
+
+
 def main():
-    import argparse
+    log_filename = 'modify_files.log'
+    logging.basicConfig(
+        filename=log_filename,
+        level=logging.DEBUG,
+    )
     parser = argparse.ArgumentParser()
-    parser.add_argument("-i", "--input-list", type=str, required=True, dest='input_file',
+    parser.add_argument("-i", "--input-list", type=str,
+                        required=True, dest='input_file',
                         help="File containing the list of files to modify")
+    parser.add_argument("-o", "--output-list", type=str,
+                        required=True, dest='output_file',
+                        help="File containing the list of modified files")
     args = parser.parse_args()
+
     input_file = args.input_file
+    output_file = args.output_file
+
+    changed_files = []
+
     with open(input_file) as flist:
         for path in flist:
-            modify_file_content(path[:-1])
+            try:
+                modify_file_content(path[:-1])
+                changed_files.append(path[:-1])
+            except PermissionError:
+                logging.error("Not enough permissions to modify: {}".format(path[:-1]))
+                continue
+            except FileNotFoundError:
+                logging.error("File not found: {}".format(path[:-1]))
+                continue
+            except Exception:
+                logging.error("Unexpected error: ", exc_info=True)
+                continue
+    log_modified_files(changed_files, output_file)
 
 
 if __name__ == "__main__":
diff --git a/tests/system/fim/common_tasks/modify_files.yml b/tests/system/fim/common_tasks/modify_files.yml
new file mode 100644
index 0000000000..9ff2f89daf
--- /dev/null
+++ b/tests/system/fim/common_tasks/modify_files.yml
@@ -0,0 +1,42 @@
+---
+- block:
+  - name: "Modify FIM test files at Wazuh Managers | Linux"
+    script: "modify_files.py -i {{ files_generated_output_path }} -o {{ files_modified_output_path }}"
+    args:
+      executable: "python3"
+      chdir: "{{ agents_linux_output_path }}"
+
+  - name: Copy list of modified files from Agents to Ansible Controller host | Linux
+    fetch:
+      src: "{{ agents_linux_output_path }}/{{ files_modified_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_modified_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  become: yes
+  when:
+    - inventory_hostname in groups['linuxagents']
+
+
+- block:
+  - name: "Modify FIM test files at Wazuh Managers | Windows"
+    script: "modify_files.py -i {{ files_generated_output_path }} -o {{ files_modified_output_path }}"
+    args:
+      executable: "python"
+      chdir: "{{ agents_windows_output_path }}"
+
+  - name: Copy list of modified files from Agents to Ansible Controller host | Windows
+    fetch:
+      src: "{{ agents_windows_output_path }}/{{ files_generated_output_path }}"
+      dest: "agents_outputs/{{ event }}/{{ files_modified_output_path }}-{{ inventory_hostname }}"
+      flat: yes
+
+  when:
+   - inventory_hostname in groups['windowsagents']
+
+- name: Copy the output files from Ansible Controller to the Managers
+  become: true
+  synchronize:
+    src: "agents_outputs/modified/"
+    dest: "{{ agents_results_manager_path }}/{{ event }}/"
+  when:
+    - inventory_hostname in groups['masters']
\ No newline at end of file
diff --git a/tests/system/fim/common_tasks/prepare.yml b/tests/system/fim/common_tasks/prepare.yml
new file mode 100644
index 0000000000..b017f7fea4
--- /dev/null
+++ b/tests/system/fim/common_tasks/prepare.yml
@@ -0,0 +1,97 @@
+- block:
+  - name: Creates directories to store agents' outputs in Managers hosts
+    file:
+      path: "{{ item }}"
+      state: directory
+    with_items:
+      - "{{ agents_results_manager_path }}"
+      - "{{ agents_results_manager_path }}/added"
+      - "{{ agents_results_manager_path }}/modified"
+      - "{{ agents_results_manager_path }}/deleted"
+
+  - name: Stop wazuh-manager service
+    service:
+      name: wazuh-manager
+      state: stopped
+
+  - name: Copy {{ files_config_manager_ossec_conf }} to the Managers hosts
+    copy:
+        src: "config/{{ files_config_manager_ossec_conf }}"
+        dest: "{{ linux_ossec_folder_path }}/etc/ossec.conf"
+
+  - name: Start wazuh-manager service
+    service:
+      name: wazuh-manager
+      state: started
+
+  when:
+    - inventory_hostname in groups['masters']
+  become: yes
+
+- block:
+  - name: Create {{ agents_linux_output_path }} to store outputs in Agents hosts | Linux
+    file:
+      path: "{{ agents_linux_output_path }}"
+      state: directory
+    when:
+      - inventory_hostname in groups['linuxagents']
+
+  - name: Copy {{ files_config_source_path }} to the Agents hosts | Linux
+    template:
+        src: "../../common_tasks/files_configuration.json.j2"
+        dest: "{{ files_config_linux_destination_path }}"
+    vars:
+      agents_fim_testing_path: "{{ files_fim_testing_linux }}"
+
+  - name: Stop wazuh-agent service | Linux
+    service:
+      name: wazuh-agent
+      state: stopped
+
+  - name: Copy {{ files_config_agent_linux_ossec_conf }} to the Agents hosts | Linux
+    copy:
+      src: "./config/{{ files_config_agent_linux_ossec_conf }}"
+      dest: "{{ linux_ossec_folder_path }}/etc/ossec.conf"
+
+  - name: Start wazuh-agent service | Linux
+    service:
+      name: wazuh-agent
+      state: started
+
+  when:
+    - inventory_hostname in groups['linuxagents']
+  become: yes
+
+- block:
+  - name: Create {{ agents_windows_output_path }} to store outputs in agents hosts | Windows
+    win_file:
+      path: "{{ agents_windows_output_path }}"
+      state: directory
+
+  - name: Copy {{ files_config_source_path }} to the Agents hosts | Windows
+    template:
+        src: "../../common_tasks/files_configuration.json.j2"
+        dest: "{{ files_config_windows_destination_path }}"
+    vars:
+      agents_fim_testing_path: "{{ files_fim_testing_windows }}"
+
+  - name: Stop wazuh-agent service | Windows
+    win_service:
+      name: OssecSvc
+      start_mode: auto
+      state: stopped
+
+  - name: Copy {{ files_config_agent_windows_ossec_conf }} to the agents hosts | Windows
+    win_copy:
+        src: "config/{{ files_config_agent_windows_ossec_conf }}"
+        dest: "{{ windows_ossec_folder_path }}/ossec.conf"
+
+  - name: Start wazuh-agent service | Windows
+    win_service:
+      name: OssecSvc
+      start_mode: auto
+      state: started
+
+
+  when:
+    - inventory_hostname in groups['windowsagents']
diff --git a/tests/system/fim/common_tasks/verify_alerts.yml b/tests/system/fim/common_tasks/verify_alerts.yml
index a2ee7369ee..245b59edf3 100644
--- a/tests/system/fim/common_tasks/verify_alerts.yml
+++ b/tests/system/fim/common_tasks/verify_alerts.yml
@@ -1,14 +1,30 @@
----  
-  - name: "Verify alert log"
-    script: "verify_alerts_json.py -i {{ file_list_path }} -e {{ syscheck_event }}"
+---
+  - name: Find input files for manager
+    find:
+      paths: "{{ agents_results_manager_path }}/{{ event }}"
+    register: find_result
+    when: 
+      - inventory_hostname in groups['masters']
+
+  - name: "Verify alert json log | {{ event }}"
+    script: >
+      verify_alerts_json.py -i {{ item.path }} -e {{ event }} 
+      -o {{ missing_alerts_json_path }}
     args:
       executable: "python3"
     when: 
       - inventory_hostname in groups['masters']
+    with_items: 
+      - "{{ find_result.files }}"
 
-  - name: "Verify elastic alerts"
-    script: "verify_alerts_elasticsearch.py -i {{ file_list_path }} -e {{ syscheck_event }} -a {{ private_ip }}"
+  - name: "Verify elastic alerts | {{ event }}"
+    script: >
+      verify_alerts_elasticsearch.py -i {{ item.path }} -e {{ event }} 
+      -a {{ hostvars[groups["elasticsearch"][0]]["private_ip"] }}
+      -o {{ missing_alerts_elasticsearch_path }}
     args:
       executable: python3
     when: 
-      - inventory_hostname in groups['elasticsearch'][0]
\ No newline at end of file
+      - inventory_hostname in groups['masters']
+    with_items: 
+      - "{{ find_result.files }}"
\ No newline at end of file
diff --git a/tests/system/fim/common_tasks/verify_alerts_elasticsearch.py b/tests/system/fim/common_tasks/verify_alerts_elasticsearch.py
index 10d88aff41..7ef950b8dc 100644
--- a/tests/system/fim/common_tasks/verify_alerts_elasticsearch.py
+++ b/tests/system/fim/common_tasks/verify_alerts_elasticsearch.py
@@ -1,7 +1,16 @@
 #!/usr/bin/python3
+# Copyright (C) 2015-2020, Wazuh Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
 
 import argparse
 from elasticsearch import Elasticsearch
+from time import sleep, time
+import logging
 
 
 def setElasticsearch(ElasticIP):
@@ -30,7 +39,14 @@ def makeQuery(query, Elastic, index_name):
 
 
 if __name__ == "__main__":
-
+    logging.basicConfig(
+        level=logging.INFO,
+        format="%(asctime)s [%(levelname)s] %(message)s",
+        handlers=[
+            logging.FileHandler("verify_alerts_elastic.log"),
+            logging.StreamHandler()
+        ]
+    )
     parser = argparse.ArgumentParser()
     parser.add_argument(
         "-i", "--input-list", type=str, required=True, dest='files',
@@ -50,6 +66,15 @@ def makeQuery(query, Elastic, index_name):
         dest='output', help="Output path for missing files alerts.",
         default="debug_missing_file_alerts.log"
     )
+    parser.add_argument(
+        "-r", "--retry", type=int, required=False, dest='max_retry',
+        help="reading attempts on stopped alerts. default: 4 attemps",
+        default="4"
+    )
+    parser.add_argument(
+        "-s", "--sleep", type=int, required=False, dest='sleep_time',
+        help="Sleep time between retries", default="60"
+    )
     args = parser.parse_args()
 
     query = {
@@ -65,24 +90,45 @@ def makeQuery(query, Elastic, index_name):
 
     es = setElasticsearch(args.ip)
     index_name = "wazuh-alerts-3.x*"
-    success = 0
-    failure = 0
-    failure_list = []
-
+    retry_count = 0
+    logging.info("Elasticsearch alerts verification started")
+    start = time()
     with open(args.files, 'r') as file_list:
-        for line in file_list:
-            query['query']['bool']['filter'][0]['term']['syscheck.path'] = \
-                line.rstrip()
-            query_result = makeQuery(query, es, index_name)
-            if query_result['hits']['total']['value'] == 1:
-                success += 1
+        while retry_count < args.max_retry:
+            success = 0
+            failure = 0
+            failure_list = []
+            for line in file_list:
+                query['query']['bool']['filter'][0]['term']['syscheck.path'] =\
+                    line.rstrip()
+
+                query_result = makeQuery(query, es, index_name)
+                if query_result['hits']['total']['value'] == 1:
+                    success += 1
+                else:
+                    failure_list.append(line)
+                    failure += 1
+            if failure == 0:
+                break
             else:
-                failure_list.append(line)
-                failure += 1
+                elapsed = start - time()
+                logging.info("Missing alerts {}.\n".format(failure))
+                logging.info("Number of retries {}.\n".format(retry_count))
+                logging.info("Elapsed time: ~ {} seconds. \n".format(elapsed))
+                retry_count += 1
+                sleep(args.sleep_time)
 
+    elapsed = start - time()
     with open(args.output, 'w+') as output:
         output.writelines(failure_list)
 
-    assert failure == 0, "number of failed files: {}\n".format(failure)
+    assert failure == 0, "number of failed files: {}\n \
+            Elapsed time: ~ {} seconds.".format(
+            success, elapsed
+        )
 
-    print("number of succeded files: {}\n".format(success))
+    print(
+        "Number of succeded files: {}\n Elapsed time: ~ {} seconds.".format(
+            success, elapsed
+        )
+    )
\ No newline at end of file
diff --git a/tests/system/fim/common_tasks/verify_alerts_json.py b/tests/system/fim/common_tasks/verify_alerts_json.py
index 1c202d4a94..086f9d0be2 100644
--- a/tests/system/fim/common_tasks/verify_alerts_json.py
+++ b/tests/system/fim/common_tasks/verify_alerts_json.py
@@ -10,7 +10,9 @@
 
 import sys
 import json
-import traceback
+
+import logging
+import argparse
 
 if sys.version_info.major < 3:
     print('ERROR: Python 2 is not supported.')
@@ -44,17 +46,22 @@ def alerts_prune(path, target_event):
                 data = json.loads(line)
                 if data.get('syscheck') and data['syscheck']['event'] == target_event:
                     alerts_list.append(data)
+                    
             except ValueError:
                 continue
     return set([alerts['syscheck']['path'] for alerts in alerts_list])
 
 
 def main():
-
+    logging.basicConfig(
+        level=logging.INFO,
+        format="%(asctime)s [%(levelname)s] %(message)s",
+        handlers=[
+            logging.FileHandler("verify_alerts_json.log"),
+            logging.StreamHandler()
+        ]
+    )
     try:
-
-        import argparse
-
         parser = argparse.ArgumentParser(description='Compares paths list and alerts.json paths')
 
         parser.add_argument("-i", "--input-list", type=str, required=True, dest='input_file',
@@ -65,7 +72,8 @@ def main():
                             help="Type of alert's event that we expect: added, modified, deleted")
 
         parser.add_argument("-l", "--log_json", type=str, required=False, dest='log_json_path',
-                            help="alerts.json path. default value '/var/ossec/logs/alerts/alerts.json'",
+                            help="alerts.json path. default value "
+                            "'/var/ossec/logs/alerts/alerts.json'",
                             default="/var/ossec/logs/alerts/alerts.json")
 
         parser.add_argument("-o", "--output-list", type=str, required=False, dest='output_file',
@@ -73,8 +81,8 @@ def main():
                             default="debug_missing_file_alerts.log")
 
         parser.add_argument("-t", "--timeout", type=int, required=False, dest='time_gap',
-                            help="time gap between alerts.json alerts acquisitions. default: 30s",
-                            default="30")
+                            help="time gap between alerts.json alerts acquisitions. default: 60s",
+                            default="60")
 
         parser.add_argument("-r", "--retry", type=int, required=False, dest='retry_count',
                             help="reading attempts on stopped alerts. default: 4 attemps",
@@ -91,24 +99,26 @@ def main():
         prev_lenght = len(sub_paths)
         start = time.time()
 
-        print("alerts.json verification started")
+        logging.info("alerts.json verification started")
         while True:
             pruned_alerts_set = alerts_prune(args.log_json_path, args.event)
             sub_paths = paths_list_set - pruned_alerts_set
 
             if len(sub_paths) == 0:
-                print("Verify alerts test - OK.")
+                logging.info("Verify alerts test - OK.")
                 return 0
             if stuck_alerts > args.retry_count:
-                print("Verify alerts test - NOT OK. %s alerts are missing.\n" % len(sub_paths))
+                logging.warning(
+                    "Verify alerts test - NOT OK. %s alerts are missing.\n" % len(sub_paths)
+                )
                 with open(args.output_file, 'w') as f:
                     for item in sub_paths:
                         f.write("%s\n" % item)
-                    f.write("%s missing alerts.\n" % len(sub_paths))
+                logging.warning("%s missing alerts.\n" % len(sub_paths))
                 return 1
 
             if prev_lenght == len(sub_paths):
-                print("Filelist related alerts aren't growing (%s) ..." % stuck_alerts)
+                logging.info("Filelist related alerts aren't growing (%s) ..." % stuck_alerts)
                 stuck_alerts += 1
             else:
                 stuck_alerts = 0
@@ -116,11 +126,12 @@ def main():
             time.sleep(args.time_gap)
             prev_lenght = len(sub_paths)
             elapsed = time.time() - start
-            print("Elapsed time: ~ %s seconds \n" % int(elapsed))
+            logging.info("Elapsed time: ~ %s seconds \n" % int(elapsed))
 
     except Exception:
-        traceback.print_exc()
+        logging.critical("An error has ocurred. Exiting")
+        raise Exception
 
 
 if __name__ == "__main__":
-    main()
+    sys.exit(main())
diff --git a/tests/system/fim/handlers/main.yml b/tests/system/fim/handlers/main.yml
new file mode 100644
index 0000000000..8633d67a19
--- /dev/null
+++ b/tests/system/fim/handlers/main.yml
@@ -0,0 +1,72 @@
+
+  - name: Stop Wazuh agent Linux
+    become: true
+    service:
+      name: wazuh-agent
+      state: stopp
+
+  - name: Stop Wazuh agent Windows
+    win_service: 
+      name: OssecSvc
+      start_mode: auto
+      state: stopped
+
+  - name: Start Wazuh agent Linux
+    become: true
+    service:
+      name: wazuh-agent
+      state: started
+
+  - name: Start Wazuh agent Windows
+    win_service: 
+      name: OssecSvc
+      start_mode: auto
+      state: started
+
+  - name: Restart Wazuh agent Linux
+    become: true
+    service:
+      name: wazuh-agent
+      state: restarted
+
+  - name: Restart Wazuh agent Windows
+    win_service: 
+      name: OssecSvc
+      start_mode: auto
+      state: restarted
+
+  - name: Stop Wazuh manager
+    become: true
+    service:
+      name: wazuh-manager
+      state: stopped
+
+  - name: Start Wazuh manager
+    become: true
+    service:
+      name: wazuh-manager
+      state: started
+  
+  - name: Restart Wazuh manager
+    become: true
+    service:
+      name: wazuh-manager
+      state: restarted
+
+  - name: Stop Wazuh api
+    become: true
+    service:
+      name: wazuh-api
+      state: stopped
+
+  - name: Start Wazuh api
+    become: true
+    service:
+      name: wazuh-api
+      state: started
+  
+  - name: Restart Wazuh api
+    become: true
+    service:
+      name: wazuh-api
+      state: restarted
diff --git a/tests/system/fim/scenario_default_installation/config/files_configuration.json b/tests/system/fim/scenario_default_installation/config/files_configuration.json
deleted file mode 100644
index 5c8cce00b5..0000000000
--- a/tests/system/fim/scenario_default_installation/config/files_configuration.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-    "root_folder": "/opt/test_files",
-    "recursion_level": 3,
-    "folder_length": 5,
-    "file_length": 5,
-    "file_size_specifications":[
-        { "size": 10240, "amount": 10000},
-        { "size": 524288, "amount": 500},
-        { "size": 1048576, "amount": 1000},
-        { "size": 10485760, "amount": 10},
-        { "size": 1073741824, "amount": 1}
-    ],
-    "output_file": "created_files.txt"
-}
diff --git a/tests/system/fim/scenario_default_installation/launch_scenario.yml b/tests/system/fim/scenario_default_installation/launch_scenario.yml
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/tests/system/fim/scenarios/scenario_default_installation/.gitignore b/tests/system/fim/scenarios/scenario_default_installation/.gitignore
new file mode 100644
index 0000000000..eb2ab7694c
--- /dev/null
+++ b/tests/system/fim/scenarios/scenario_default_installation/.gitignore
@@ -0,0 +1 @@
+agents_outputs
\ No newline at end of file
diff --git a/tests/system/fim/scenario_default_installation/actions/files.yml b/tests/system/fim/scenarios/scenario_default_installation/actions/files.yml
similarity index 100%
rename from tests/system/fim/scenario_default_installation/actions/files.yml
rename to tests/system/fim/scenarios/scenario_default_installation/actions/files.yml
diff --git a/tests/system/fim/scenario_default_installation/actions/folders.yml b/tests/system/fim/scenarios/scenario_default_installation/actions/folders.yml
similarity index 100%
rename from tests/system/fim/scenario_default_installation/actions/folders.yml
rename to tests/system/fim/scenarios/scenario_default_installation/actions/folders.yml
diff --git a/tests/system/fim/scenarios/scenario_default_installation/config/agent_linux_ossec.conf b/tests/system/fim/scenarios/scenario_default_installation/config/agent_linux_ossec.conf
new file mode 100644
index 0000000000..e9ffad4b89
--- /dev/null
+++ b/tests/system/fim/scenarios/scenario_default_installation/config/agent_linux_ossec.conf
@@ -0,0 +1,208 @@
+<!--
+  Wazuh - Agent - Default configuration
+  More info at: https://documentation.wazuh.com
+  Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+  <client>
+    <server>
+      <address>172.16.0.111</address>
+      <port>1514</port>
+      <protocol>udp</protocol>
+    </server>
+    <config-profile>linux_system_tests</config-profile>
+    <notify_time>10</notify_time>
+    <time-reconnect>60</time-reconnect>
+    <auto_restart>yes</auto_restart>
+    <crypto_method>aes</crypto_method>
+  </client>
+
+  <client_buffer>
+    <!-- Agent buffer options -->
+    <disabled>no</disabled>
+    <queue_size>15000</queue_size>
+    <events_per_second>500</events_per_second>
+  </client_buffer>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="open-scap">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+  </wodle>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>10</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+    <directories>/opt/fim_testing</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>200</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+    </synchronization>
+  </syscheck>
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <!-- Active response -->
+  <active-response>
+    <disabled>no</disabled>
+    <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
+    <ca_verification>yes</ca_verification>
+  </active-response>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/syslog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/kern.log</location>
+  </localfile>
+
+</ossec_config>
diff --git a/tests/system/fim/scenarios/scenario_default_installation/config/agent_windows_ossec.conf b/tests/system/fim/scenarios/scenario_default_installation/config/agent_windows_ossec.conf
new file mode 100644
index 0000000000..01e6d8966e
--- /dev/null
+++ b/tests/system/fim/scenarios/scenario_default_installation/config/agent_windows_ossec.conf
@@ -0,0 +1,207 @@
+<!--
+  Wazuh - Agent - Default configuration for Windows
+  More info at: https://documentation.wazuh.com
+  Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+
+  <client>
+    <server>
+      <address>172.16.0.111</address>
+      <port>1514</port>
+      <protocol>udp</protocol>
+    </server>
+    <crypto_method>aes</crypto_method>
+    <notify_time>10</notify_time>
+    <time-reconnect>60</time-reconnect>
+    <auto_restart>yes</auto_restart>
+  </client>
+
+  <!-- Agent buffer options -->
+  <client_buffer>
+    <disabled>no</disabled>
+    <queue_size>15000</queue_size>
+    <events_per_second>500</events_per_second>
+  </client_buffer>
+
+  <!-- Log analysis -->
+  <localfile>
+    <location>Application</location>
+    <log_format>eventchannel</log_format>
+  </localfile>
+
+  <localfile>
+    <location>Security</location>
+    <log_format>eventchannel</log_format>
+    <query>Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and
+      EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and
+      EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907 and
+      EventID != 5152 and EventID != 5157]</query>
+  </localfile>
+
+  <localfile>
+    <location>System</location>
+    <log_format>eventchannel</log_format>
+  </localfile>
+
+  <localfile>
+    <location>active-response\active-responses.log</location>
+    <log_format>syslog</log_format>
+  </localfile>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
+    <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
+  </rootcheck>
+
+  <!-- Security Configuration Assessment -->
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>10</frequency>
+
+    <!-- Default files to be monitored. -->
+    <directories recursion_level="320">C:\fim_testing</directories>
+    <directories recursion_level="0" restrict="regedit.exe$|system.ini$|win.ini$">%WINDIR%</directories>
+
+    <directories recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedt32.exe|regsvr32.exe|runas.exe|sc.exe|schtasks.exe|sethc.exe|subst.exe$">%WINDIR%\SysNative</directories>
+    <directories recursion_level="0">%WINDIR%\SysNative\drivers\etc</directories>
+    <directories recursion_level="0" restrict="WMIC.exe$">%WINDIR%\SysNative\wbem</directories>
+    <directories recursion_level="0" restrict="powershell.exe$">%WINDIR%\SysNative\WindowsPowerShell\v1.0</directories>
+    <directories recursion_level="0" restrict="winrm.vbs$">%WINDIR%\SysNative</directories>
+
+    <!-- 32-bit programs. -->
+    <directories recursion_level="0" restrict="at.exe$|attrib.exe$|cacls.exe$|cmd.exe$|eventcreate.exe$|ftp.exe$|lsass.exe$|net.exe$|net1.exe$|netsh.exe$|reg.exe$|regedit.exe$|regedt32.exe$|regsvr32.exe$|runas.exe$|sc.exe$|schtasks.exe$|sethc.exe$|subst.exe$">%WINDIR%\System32</directories>
+    <directories recursion_level="0">%WINDIR%\System32\drivers\etc</directories>
+    <directories recursion_level="0" restrict="WMIC.exe$">%WINDIR%\System32\wbem</directories>
+    <directories recursion_level="0" restrict="powershell.exe$">%WINDIR%\System32\WindowsPowerShell\v1.0</directories>
+    <directories recursion_level="0" restrict="winrm.vbs$">%WINDIR%\System32</directories>
+
+    <directories realtime="yes">%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup</directories>
+
+    <ignore>%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</ignore>
+
+    <ignore type="sregex">.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$</ignore>
+
+    <!-- Windows registry entries to monitor. -->
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\cmdfile</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\comfile</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\exefile</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\piffile</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Directory</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Folder</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Classes\Protocols</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Policies</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Security</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer</windows_registry>
+
+    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg</windows_registry>
+
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
+    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows</windows_registry>
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon</windows_registry>
+
+    <windows_registry arch="both">HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components</windows_registry>
+
+    <!-- Windows registry entries to ignore. -->
+    <registry_ignore>HKEY_LOCAL_MACHINE\Security\Policy\Secrets</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users</registry_ignore>
+    <registry_ignore type="sregex">\Enum$</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Parameters\Cache</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx</registry_ignore>
+    <registry_ignore>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ADOVMPPackage\Final</registry_ignore>
+
+    <!-- Frequency for ACL checking (seconds) -->
+    <windows_audit_interval>300</windows_audit_interval>
+
+    <!-- Nice value for Syscheck module -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>200</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+    </synchronization>
+  </syscheck>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+  </wodle>
+
+  <!-- CIS policies evaluation -->
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>\\server\jre\bin\java.exe</java_path>
+    <ciscat_path>C:\cis-cat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <bin_path>C:\Program Files\osquery\osqueryd</bin_path>
+    <log_path>C:\Program Files\osquery\log\osqueryd.results.log</log_path>
+    <config_path>C:\Program Files\osquery\osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- Active response -->
+  <active-response>
+    <disabled>no</disabled>
+    <ca_store>wpk_root.pem</ca_store>
+    <ca_verification>yes</ca_verification>
+  </active-response>
+
+  <!-- Choose between plain or json format (or both) for internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+</ossec_config>
+
+<!-- END of Default Configuration. -->
+
diff --git a/tests/system/fim/scenarios/scenario_default_installation/config/manager_ossec.conf b/tests/system/fim/scenarios/scenario_default_installation/config/manager_ossec.conf
new file mode 100644
index 0000000000..58a0eec910
--- /dev/null
+++ b/tests/system/fim/scenarios/scenario_default_installation/config/manager_ossec.conf
@@ -0,0 +1,370 @@
+<!--
+  Wazuh - Manager - Default configuration
+  More info at: https://documentation.wazuh.com
+  Mailing list: https://groups.google.com/forum/#!forum/wazuh
+-->
+
+<ossec_config>
+  <global>
+    <jsonout_output>yes</jsonout_output>
+    <alerts_log>yes</alerts_log>
+    <logall>no</logall>
+    <logall_json>no</logall_json>
+    <email_notification>no</email_notification>
+    <smtp_server>smtp.example.wazuh.com</smtp_server>
+    <email_from>ossecm@example.wazuh.com</email_from>
+    <email_to>recipient@example.wazuh.com</email_to>
+    <email_maxperhour>12</email_maxperhour>
+    <email_log_source>alerts.log</email_log_source>
+  </global>
+
+  <alerts>
+    <log_alert_level>3</log_alert_level>
+    <email_alert_level>12</email_alert_level>
+  </alerts>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+  <remote>
+    <connection>secure</connection>
+    <port>1514</port>
+    <protocol>udp</protocol>
+    <queue_size>131072</queue_size>
+  </remote>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="open-scap">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+  </wodle>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+  
+
+  <vulnerability-detector>
+    <enabled>no</enabled>
+    <interval>5m</interval>
+    <ignore_time>6h</ignore_time>
+    <run_on_start>yes</run_on_start>
+
+    <provider name="canonical">
+      <enabled>no</enabled>
+      <os>precise</os>
+      <os>trusty</os>
+      <os>xenial</os>
+      <os>bionic</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <provider name="debian">
+      <enabled>no</enabled>
+      <os>wheezy</os>
+      <os>stretch</os>
+      <os>jessie</os>
+      <os>buster</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <provider name="redhat">
+      <enabled>no</enabled>
+      <update_from_year>2010</update_from_year>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <provider name="nvd">
+      <enabled>no</enabled>
+      <update_from_year>2010</update_from_year>
+      <update_interval>1h</update_interval>
+    </provider>
+
+  </vulnerability-detector>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Generate alert when new file detected -->
+    <alert_new_files>yes</alert_new_files>
+
+    <!-- Don't ignore files that change more than 'frequency' times -->
+    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>200</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+    </synchronization>
+  </syscheck>
+
+  <!-- Active response -->
+  <global>
+    <white_list>127.0.0.1</white_list>
+    <white_list>^localhost.localdomain$</white_list>
+    <white_list>127.0.0.53</white_list>
+  </global>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account.sh</executable>
+    <expect>user</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-ossec</name>
+    <executable>restart-ossec.sh</executable>
+    <expect></expect>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>win_route-null</name>
+    <executable>route-null.cmd</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>win_route-null-2012</name>
+    <executable>route-null-2012.cmd</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>netsh</name>
+    <executable>netsh.cmd</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>netsh-win-2016</name>
+    <executable>netsh-win-2016.cmd</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <!--
+  <active-response>
+    active-response options here
+  </active-response>
+  -->
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <ruleset>
+    <!-- Default ruleset -->
+    <decoder_dir>ruleset/decoders</decoder_dir>
+    <rule_dir>ruleset/rules</rule_dir>
+    <rule_exclude>0215-policy_rules.xml</rule_exclude>
+    <list>etc/lists/audit-keys</list>
+    <list>etc/lists/amazon/aws-eventnames</list>
+    <list>etc/lists/security-eventchannel</list>
+
+    <!-- User-defined ruleset -->
+    <decoder_dir>etc/decoders</decoder_dir>
+    <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+  <!-- Configuration for ossec-authd -->
+  <auth>
+    <disabled>no</disabled>
+    <port>1515</port>
+    <use_source_ip>no</use_source_ip>
+    <force_insert>yes</force_insert>
+    <force_time>0</force_time>
+    <purge>yes</purge>
+    <use_password>no</use_password>
+    <limit_maxagents>yes</limit_maxagents>
+    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+    <!-- <ssl_agent_ca></ssl_agent_ca> -->
+    <ssl_verify_host>no</ssl_verify_host>
+    <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
+    <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
+    <ssl_auto_negotiate>no</ssl_auto_negotiate>
+  </auth>
+
+  <cluster>
+    <name>wazuh</name>
+    <node_name>node01</node_name>
+    <node_type>master</node_type>
+    <key></key>
+    <port>1516</port>
+    <bind_addr>0.0.0.0</bind_addr>
+    <nodes>
+        <node>NODE_IP</node>
+    </nodes>
+    <hidden>no</hidden>
+    <disabled>yes</disabled>
+  </cluster>
+
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/syslog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/kern.log</location>
+  </localfile>
+
+</ossec_config>
diff --git a/tests/system/fim/scenario_default_installation/defaults/main.yml b/tests/system/fim/scenarios/scenario_default_installation/defaults/main.yml
similarity index 100%
rename from tests/system/fim/scenario_default_installation/defaults/main.yml
rename to tests/system/fim/scenarios/scenario_default_installation/defaults/main.yml
diff --git a/tests/system/fim/scenarios/scenario_default_installation/launch_test_scenario.yml b/tests/system/fim/scenarios/scenario_default_installation/launch_test_scenario.yml
new file mode 100644
index 0000000000..dd8ed47ef7
--- /dev/null
+++ b/tests/system/fim/scenarios/scenario_default_installation/launch_test_scenario.yml
@@ -0,0 +1,48 @@
+---
+  - hosts: all
+    vars_files:
+      - ../../vars/main.yml
+
+    handlers:
+      - import_tasks: ../../handlers/main.yml
+
+    tasks:
+      - block:
+        - name: Launching prepare tasks
+          import_tasks: "../../common_tasks/prepare.yml"
+
+        - block:
+          - name: Configure syscheck event.
+            set_fact:
+              event: "added"
+
+          - name: Generating files to trigger FIM alerts
+            import_tasks: "../../common_tasks/create_files.yml"
+
+          - name: Verify generated alerts
+            become: true
+            import_tasks: "../../common_tasks/verify_alerts.yml"
+
+        - block:
+          - name: Configure syscheck event.
+            set_fact:
+              event: "modified"
+
+          - name: Modifiying files to trigger FIM alerts
+            import_tasks: "../../common_tasks/modify_files.yml"
+
+          - name: Verify generated alerts
+            become: true
+            import_tasks: "../../common_tasks/verify_alerts.yml"
+
+        - block:
+          - name: Configure syscheck event.
+            set_fact:
+              event: "deleted"
+
+          - name: Deleting files to trigger FIM alerts
+            import_tasks: "../../common_tasks/delete_files.yml"
+
+          - name: Verify generated alerts
+            become: true
+            import_tasks: "../../common_tasks/verify_alerts.yml"
diff --git a/tests/system/fim/scenario_default_installation/tests/files_generated.txt b/tests/system/fim/scenarios/scenario_default_installation/tests/files_generated.txt
similarity index 100%
rename from tests/system/fim/scenario_default_installation/tests/files_generated.txt
rename to tests/system/fim/scenarios/scenario_default_installation/tests/files_generated.txt
diff --git a/tests/system/fim/vars/main.yml b/tests/system/fim/vars/main.yml
index d858ed2d54..41de455e85 100644
--- a/tests/system/fim/vars/main.yml
+++ b/tests/system/fim/vars/main.yml
@@ -1,11 +1,34 @@
-# Create files
-files_generation_config_path: "config/files_configuration.json"
-files_generated_output_path: "tests/files_generated.txt"
+# ossec folder path
+linux_ossec_folder_path: "/var/ossec"
+windows_ossec_folder_path: "C:\\Program Files (x86)\\ossec-agent"
 
-# Modify/Delete/Verify files
+
+# Create/Modify/Delete files
+agents_linux_output_path: "/opt/fim_files_output"
+agents_windows_output_path: c:\fim_files_output
+files_generated_output_path: "files_generated.txt"
+files_modified_output_path: "files_modified.txt"
+files_deleted_output_path: "files_deleted.txt"
+
+# FIM testing folder
+files_fim_testing_linux: "/opt/fim_testing"
+files_fim_testing_windows: c:\\fim_testing
+
+### Config files
+files_config_source_path: "files_configuration.json"
+files_config_linux_destination_path: "/tmp/{{ files_config_source_path }}"
+files_config_windows_destination_path: "C:\\{{ files_config_source_path }}"
+files_config_manager_ossec_conf: "manager_ossec.conf"
+files_config_agent_linux_ossec_conf: "agent_linux_ossec.conf"
+files_config_agent_windows_ossec_conf: "agent_windows_ossec.conf"
+
+### Tests
+
+syscheck_event: "created"
 alerts_json_path: "/var/ossec/logs/alerts/alerts.json"
-files_modified_output_path: "tests/files_modified.txt"
-files_deleted_output_path: "tests/files_deleted.txt"
-alert_event: "created"
-n_files: 1000
 
+# Results
+agents_results_manager_path: "/opt/agents_files_output"
+agents_results_elastic_path: "/opt/agents_files_output"   # Path on Manager of the imported results from Agents
+missing_alerts_json_path: "missing_alerts_json.txt"
+missing_alerts_elasticsearch_path: "missing_alerts_elasticsearch.txt"
\ No newline at end of file