diff --git a/Dockerfile b/Dockerfile
index 9408762203335175084f273419048f0e9c910119..b3261690e85a63f0267bab045697fa16a842440f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,8 +14,8 @@ RUN yum update --setopt=tsflags=nodocs -y && \
 
 RUN mkdir /usr/share/kibana
 WORKDIR /usr/share/kibana
-COPY --chown=1000:0 kibana-7.10.2-linux-x86_64.tar.gz .
-RUN tar --strip-components=1 -zxf kibana-7.10.2-linux-x86_64.tar.gz
+COPY --chown=1000:0 kibana-7.11.1-linux-x86_64.tar.gz .
+RUN tar --strip-components=1 -zxf kibana-7.11.1-linux-x86_64.tar.gz
 
 # Ensure that group permissions are the same as user permissions.
 # This will help when relying on GID-0 to run Kibana, rather than UID-1000.
@@ -70,6 +70,8 @@ RUN groupadd --gid 1000 kibana && \
       --home-dir /usr/share/kibana --no-create-home \
       kibana
 
+USER kibana
+
 ENTRYPOINT ["/bin/tini", "--"]
 
 CMD ["/usr/local/bin/kibana-docker"]
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 52c0f1056a13bb37e42f624b4becbfaddb0123f9..c5be8553103f88b02b0f2b29e6dc748692c77c67 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "elastic/kibana/kibana"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "7.10.2"
+- "7.11.1"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
@@ -23,18 +23,18 @@ labels:
   org.opencontainers.image.licenses: "Elastic License"
   org.opencontainers.image.url: "https://www.elastic.co/products/kibana"
   org.opencontainers.image.vendor: "Elastic"
-  org.opencontainers.image.version: "7.10.2"
+  org.opencontainers.image.version: "7.11.1"
   # mil.dso.ironbank.image.keywords: ""
   # mil.dso.ironbank.image.type: "commercial"
   mil.dso.ironbank.product.name: "Kibana"
 
 # List of resources to make available to the offline build context
 resources:
-- filename: kibana-7.10.2-linux-x86_64.tar.gz
-  url: https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz
+- filename: kibana-7.11.1-linux-x86_64.tar.gz
+  url: https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz
   validation:
     type: sha512
-    value: aa68f850cc09cf5dcb7c0b48bb8df788ca58eaad38d96141b8e59917fd38b42c728c0968f7cb2c8132c5aaeb595525cdde0859554346c496f53c569e03abe412
+    value: 5facaac7adced5ac2830158d6a7994d9c32e042c320f250626166a9e86cce3fa4c3e8b92809526492b4d09b0b8623ea2c3bfd02751a8f1387bc3f09a1bee642b
 - filename: tini
   url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
   validation:
diff --git a/scripts/kibana-docker b/scripts/kibana-docker
index 49feba178f3e8c38ff93335ed06d030e8e94d459..33f994c1826fbe498b14ec9469d0391d8982664c 100755
--- a/scripts/kibana-docker
+++ b/scripts/kibana-docker
@@ -47,6 +47,10 @@ kibana_vars=(
     elasticsearch.ssl.truststore.password
     elasticsearch.ssl.verificationMode
     elasticsearch.username
+    enterpriseSearch.accessCheckTimeout
+    enterpriseSearch.accessCheckTimeoutWarning
+    enterpriseSearch.enabled
+    enterpriseSearch.host
     i18n.locale
     interpreter.enableInVisualize
     kibana.autocompleteTerminateAfter