diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index ff776d309..9b8325a34 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1,5 +1,6 @@
 firewall:
 hostgroups:
+ analyst: []
 anywhere:
 - 0.0.0.0/0
 beats_endpoint: []
@@ -215,9 +216,9 @@ firewall:
 strelka_frontend:
 portgroups:
 - strelka_frontend
- workstation:
+ analyst:
 portgroups:
- - yum
+ - nginx
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -441,6 +442,9 @@ firewall:
 - elastic_agent_data
 - elastic_agent_update
 - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -626,6 +630,9 @@ firewall:
 - elastic_agent_data
 - elastic_agent_update
 - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -816,6 +823,9 @@ firewall:
 - elastic_agent_data
 - elastic_agent_update
 - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -1187,6 +1197,9 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ analyst:
+ portgroups:
+ - nginx
 workstation:
 portgroups:
 - yum
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index 27c52e123..8f8dbb69d 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
@@ -1,6 +1,6 @@
 firewall:
 hostgroups:
- workstation: &hostgroupsettings
+ analyst: &hostgroupsettings
 description: List of IP or CIDR blocks to allow access to this hostgroup.
 forcedType: "[]string"
 helplink: firewall.html
@@ -45,6 +45,7 @@ firewall:
 standalone: *hostgroupsettings
 strelka_frontend: *hostgroupsettings
 syslog: *hostgroupsettings
+ workstation: *hostgroupsettings
 customhostgroup0: &customhostgroupsettings
 description: List of IP or CIDR blocks to allow to this hostgroup.
 forcedType: "[]string"
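Review bot: The `workstation` → `yum` allow rule is dropped for one role, apparently as a side effect of adding `analyst`: the `@@ -215,9 +216,9 @@` hunk of defaults.yaml overwrites the `workstation:` key and its `- yum` entry, while the `@@ -1187,6 +1197,9 @@` hunk adds `analyst` beside an untouched `workstation` block. The role and chain this block belongs to start outside the hunk, so it cannot be confirmed from here that the removal is intended. soc_firewall.yaml in the same commit keeps `workstation` everywhere it touches, which suggests the entry should stay: keep `workstation:` / `portgroups:` / `- yum` and add the `analyst` block next to it. If the removal is deliberate, state it in the commit message, because a firewall rule that disappears inside what reads as an addition is easy to miss in review.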
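Review bot: Nothing in the `@@ -1,6 +1,6 @@` hunk of soc_firewall.yaml records why the `&hostgroupsettings` anchor moved from `workstation` to `analyst`; it sits there only because `analyst` is now the first key under `hostgroups`. A YAML alias has to come after its anchor, so a hostgroup later added above `analyst` cannot use `*hostgroupsettings` unless the anchor is moved again. A comment above the key would make that visible, for example `# first hostgroup carries the &hostgroupsettings anchor; keep the anchor on the first entry`. The `hostgroups` mapping continues outside the hunk.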
@@ -213,6 +214,8 @@ firewall:
 portgroups: *portgroupsdocker
 syslog:
 portgroups: *portgroupsdocker
+ analyst:
+ portgroups: *portgroupsdocker
 workstation:
 portgroups: *portgroupsdocker
 customhostgroup0:
@@ -361,6 +364,8 @@ firewall:
 portgroups: *portgroupsdocker
 endgame:
 portgroups: *portgroupsdocker
+ analyst:
+ portgroups: *portgroupsdocker
 workstation:
 portgroups: *portgroupsdocker
 customhostgroup0:
@@ -450,6 +455,8 @@ firewall:
 portgroups: *portgroupsdocker
 syslog:
 portgroups: *portgroupsdocker
+ analyst:
+ portgroups: *portgroupsdocker
 workstation:
 portgroups: *portgroupsdocker
 customhostgroup0:
@@ -545,6 +552,8 @@ firewall:
 portgroups: *portgroupsdocker
 syslog:
 portgroups: *portgroupsdocker
+ analyst:
+ portgroups: *portgroupsdocker
 workstation:
 portgroups: *portgroupsdocker
 customhostgroup0:
@@ -811,6 +820,8 @@ firewall:
 portgroups: *portgroupsdocker
 elastic_agent_endpoint:
 portgroups: *portgroupsdocker
+ analyst:
+ portgroups: *portgroupsdocker
 workstation:
 portgroups: *portgroupsdocker
 customhostgroup0: