diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/lab.xml.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/lab.xml.erb
index 4fedd0bf1..0e7741760 100644
--- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/lab.xml.erb
+++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/lab.xml.erb
@@ -145,7 +145,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		<get_shell>false</get_shell>
 		<post_command></post_command>
 
-		<prompt>Create a Snort rule that detects any TCP connection attempt to TCP port <%= $rand_port %>. The alert must include the message "<%= $rand_alert1 %>".</prompt>
+		<prompt>Create a Snort rule that detects any TCP connection attempt to TCP port <%= $rand_port %> to <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert1 %>".</prompt>
 
 		<condition>
 			<output_matches>^--1</output_matches>
@@ -181,7 +181,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		<get_shell>false</get_shell>
 		<post_command></post_command>
 
-		<prompt>Create a Snort rule that detects any packet with the contents "<%= $rand_content1 %>". The alert must include the message "<%= $rand_alert2 %>".</prompt>
+		<prompt>Create a Snort rule that detects any packet with the contents "<%= $rand_content1 %>" to <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert2 %>".</prompt>
 
 		<condition>
 			<output_matches>^--1</output_matches>
@@ -219,7 +219,7 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		<get_shell>false</get_shell>
 		<post_command></post_command>
 
-		<prompt>Create a Snort rule that detects any unencrypted POP3 email *user authentication attempt* (someone trying to log in). The alert must include the message "<%= $rand_alert4 %>". Up to three flags will be awarded, based on the quality of the rule.</prompt>
+		<prompt>Create a Snort rule that detects any unencrypted POP3 email *user authentication attempt* (someone trying to log in), to a mail server on <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert4 %>". Up to three flags will be awarded, based on the quality of the rule.</prompt>
 
 		<condition>
 			<output_matches>^--1</output_matches>
@@ -231,12 +231,12 @@ Randomised instance generated by [SecGen](http://github.com/cliffe/SecGen) (<%=
 		</condition>
 		<condition>
 			<output_matches>^--0.*<%= $rand_alert4 %>.*Classification.*User.*<%= $rand_alert4 %></output_matches>
-			<message>:-D Well done! ALL THREE FLAGS!: <%= $flag1 %>, <%= $flag2 %>, <%= $flag3 %>. Could be improved with a meaningful classification.</message>
+			<message>:-D Well done! ALL THREE FLAGS!: <%= $flag1 %>, <%= $flag2 %>, <%= $flag3 %>.</message>
 			<trigger_next_attack />
 		</condition>
 		<condition>
 			<output_matches>^--0.*<%= $rand_alert4 %>.*<%= $rand_alert4 %></output_matches>
-			<message>8-) Well done! Two flags: <%= $flag1 %>, <%= $flag2 %>. Could be improved with a classification.</message>
+			<message>8-) Well done! Two flags: <%= $flag1 %>, <%= $flag2 %>. Could be further improved with a classification.</message>
 			<trigger_next_attack />
 		</condition>
 		<condition>
diff --git a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/random_service_ids_rule.xml.erb b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/random_service_ids_rule.xml.erb
index 0c5a2d53f..75d590e25 100644
--- a/modules/generators/structured_content/hackerbot_config/ids_rules/templates/random_service_ids_rule.xml.erb
+++ b/modules/generators/structured_content/hackerbot_config/ids_rules/templates/random_service_ids_rule.xml.erb
@@ -6,7 +6,7 @@
 		<get_shell>false</get_shell>
 		<post_command></post_command>
 
-		<prompt>Create a Snort rule that detects any TCP connection attempt to <%= $rand_service1 %> (just the connection attempt, does not require content inspection). The alert must include the message "<%= $rand_alert3 %>".</prompt>
+		<prompt>Create a Snort rule that detects any TCP connection attempt to <%= $rand_service1 %> (just the connection attempt, does not require content inspection) on <%= $web_server_ip %>. The alert must include the message "<%= $rand_alert3 %>".</prompt>
 
 		<condition>
 			<output_matches>^--1</output_matches>
diff --git a/scenarios/labs/5_ids_rules.xml b/scenarios/labs/5_ids_rules.xml
index ddbde1bc4..6f63989e8 100644
--- a/scenarios/labs/5_ids_rules.xml
+++ b/scenarios/labs/5_ids_rules.xml
@@ -8,6 +8,13 @@
 		<system_name>desktop</system_name>
 		<base distro="Debian 7.8" type="desktop" name="KDE"/>
 
+		<input into_datastore="IP_addresses">
+			<value>172.16.0.2</value>
+			<value>172.16.0.3</value>
+			<value>172.16.0.4</value>
+			<value>172.16.0.5</value>
+		</input>
+
 		<input into_datastore="organisation">
 			<generator type="realistic_organisation"/>
 		</input>
@@ -115,13 +122,13 @@
 				<value>true</value>
 			</input>
 			<input into="start_page">
-				<value>http://172.16.0.5</value>
+				<datastore access="3">IP_addresses</datastore>
 			</input>
 		</utility>
 
 		<utility module_path=".*pidgin">
 			<input into="server_ip">
-				<value>172.16.0.5</value>
+				<datastore access="3">IP_addresses</datastore>
 			</input>
 			<input into="accounts">
 				<datastore access="0">accounts</datastore>
@@ -134,7 +141,11 @@
 			</input>
 		</vulnerability>
 
-		<network type="private_network" range="172.16.0.0"/>
+		<network type="private_network" >
+			<input into="IP_address">
+				<datastore access="0">IP_addresses</datastore>
+			</input>
+		</network>
 	</system>
 
 	<system>
@@ -169,7 +180,11 @@
 			</input>
 		</vulnerability>
 
-		<network type="private_network" range="172.16.0.0"/>
+		<network type="private_network">
+			<input into="IP_address">
+				<datastore access="1">IP_addresses</datastore>
+			</input>
+		</network>
 	</system>
 
 	<system>
@@ -201,7 +216,11 @@
 			</input>
 		</vulnerability>
 
-		<network type="private_network" range="172.16.0.0"/>
+		<network type="private_network" >
+			<input into="IP_address">
+				<datastore access="2">IP_addresses</datastore>
+			</input>
+		</network>
 	</system>
 
 	<system>
@@ -226,19 +245,23 @@
 						<datastore>hackerbot_access_root_password</datastore>
 					</input>
 					<input into="ids_server_ip">
-						<value>172.16.0.3</value>
+						<datastore access="1">IP_addresses</datastore>
 					</input>
 					<input into="web_server_ip">
-						<value>172.16.0.4</value>
+						<datastore access="2">IP_addresses</datastore>
 					</input>
 					<input into="hackerbot_server_ip">
-						<value>172.16.0.5</value>
+						<datastore access="3">IP_addresses</datastore>
 					</input>
 				</generator>
 			</input>
 		</utility>
 
-		<network type="private_network" range="172.16.0.0"/>
+		<network type="private_network" >
+			<input into="IP_address">
+				<datastore access="3">IP_addresses</datastore>
+			</input>
+		</network>
 
 		<build type="cleanup">
 			<input into="root_password">