diff --git a/README.md b/README.md
index 51a3540bf8800bfb8a5632a94370c927cd39d824..d4be5ba296572c7221292ec9c501a264165d4844 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,16 @@ You should see 2 agents registered and running with Wazuh.
 ```
 $ PORT=8088 npx http-echo-server
 ```
+
+## Using Evidence Collector
+
+To see Evidence Collector's output, `ssh` to it's machine and open Docker logs:
+
+```
+$ make ssh-evidence-collector
+$ docker logs -ft evidence-collector
+```
+
 ## Potential issues
  
 ### Vagrant issue:
diff --git a/security-monitoring-ansible/Makefile b/security-monitoring-ansible/Makefile
index 394e7ffbda06c325f1a897eccee47db497c26d4c..84021dcc21329fcfb001e5ff5ca3774dad416b79 100644
--- a/security-monitoring-ansible/Makefile
+++ b/security-monitoring-ansible/Makefile
@@ -1,4 +1,4 @@
-ENVIRONMENT ?= vagrant-1manager-2agents
+ENVIRONMENT ?= vagrant-full-setup
 DEPLOY_DIR = $(PWD)
 ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
 ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
@@ -17,5 +17,8 @@ provision-managers:
 provision-agents:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-agents.yml
 
+provision-evidence-collector:
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
+
 provision:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision.yml
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/docker/credentials/credentials.yml b/security-monitoring-ansible/ansible/docker/credentials/credentials.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d3e73186b46ceba31145217394d228d46c65955a
--- /dev/null
+++ b/security-monitoring-ansible/ansible/docker/credentials/credentials.yml
@@ -0,0 +1,4 @@
+---
+docker_registry: 'registry-gitlab.xlab.si'
+docker_username: 'gitlab+deploy-token-53'
+docker_token: '_yRiffnzyub8XmuJ4ugr'
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/docker/credentials/vars.yml b/security-monitoring-ansible/ansible/docker/credentials/vars.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e209b5f66949fa798c1eb9450c41ce0b63578bf0
--- /dev/null
+++ b/security-monitoring-ansible/ansible/docker/credentials/vars.yml
@@ -0,0 +1,3 @@
+---
+- name: include credentials
+  include_vars: credentials.yml
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/provision-evidence-collector.yml b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
new file mode 100644
index 0000000000000000000000000000000000000000..655791cd68771f7eb3c7b1d3a715e6f115d0fb39
--- /dev/null
+++ b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
@@ -0,0 +1,13 @@
+---
+# Evidence Collector
+  - hosts: evidence_collector
+    become: yes
+    pre_tasks:
+    - import_tasks: "{{ ansible_dir }}/docker/credentials/vars.yml"
+    roles:    
+      - docker
+    tasks:
+      - name: Login to Docker registry
+        shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
+      - name: Run Docker container
+        shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest" 
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/provision.yml b/security-monitoring-ansible/ansible/provision.yml
index a4ff61d0e660002b2d7130a081fafeac02332740..6901c339d3bad30efd718058f10e2e26e5369f31 100644
--- a/security-monitoring-ansible/ansible/provision.yml
+++ b/security-monitoring-ansible/ansible/provision.yml
@@ -3,4 +3,7 @@
   import_playbook: provision-managers.yml
 
 - name: Start provision of the Wazuh Agents
-  import_playbook: provision-agents.yml
\ No newline at end of file
+  import_playbook: provision-agents.yml
+
+- name: Start provision of Evidence Collector
+  import_playbook: provision-evidence-collector.yml
\ No newline at end of file
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
similarity index 58%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
rename to security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
index 157229a6ea4fb84c503fc64207d59efa679ae6be..e2ecdd6e0393258239193e9ca400ec1eaff38a69 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
@@ -22,6 +22,13 @@ servers=[
     :box => "centos/7",
     :ram => 512,
     :cpu => 1
+  },
+  {
+    :hostname => "evidence-collector",
+    :ip => "192.168.33.13",
+    :box => "centos/7",
+    :ram => 2048,
+    :cpu => 2
   }
 ]
 
@@ -32,14 +39,14 @@ Vagrant.configure(2) do |config|
           #   "You are trying to forward a host IP that does not exist. Please set `host_ip`
           #   to the address of an existing IPv4 network interface, or remove the option
           #   from your port forward configuration."
-          if machine[:hostname] == "manager"
-            node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
-          end
+          #if machine[:hostname] == "manager"
+          #  node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
+          #end
           node.vm.box = machine[:box]
           node.vm.hostname = machine[:hostname]
           node.vm.network "private_network", ip: machine[:ip]
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt b/security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
similarity index 52%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt
rename to security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
index 2626412b402112508c979649780ceb14f1ba723c..05e28e470ec609705bd594df91f2153b60d8b782 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
@@ -1,12 +1,18 @@
 [wazuh_managers]
-192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/manager/virtualbox/private_key
+192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/manager/virtualbox/private_key
 
 [wazuh_managers:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
 [wazuh_agents]
-192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent1/virtualbox/private_key
-192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent2/virtualbox/private_key
+192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent1/virtualbox/private_key
+192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent2/virtualbox/private_key
 
 [wazuh_agents:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+
+[evidence_collector]
+192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/evidence-collector/virtualbox/private_key
+
+[evidence_collector:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk b/security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
similarity index 75%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk
rename to security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
index 244fcdd42c366fc7c7140b7ada8a50620a77096f..cf5009bb77e1e293c46321646e8509af8d9f0c12 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
@@ -15,4 +15,7 @@ ssh-agent1:
 	@$(VAGRANT_RUN) ssh agent1
 
 ssh-agent2:
-	@$(VAGRANT_RUN) ssh agent2
\ No newline at end of file
+	@$(VAGRANT_RUN) ssh agent2
+
+ssh-evidence-collector:
+	@$(VAGRANT_RUN) ssh evidence-collector
\ No newline at end of file