add analyst back

m0duspwnens
2023-08-04 09:56:33 -04:00
parent 3b86b60207
commit 014aeffb2a
2 changed files with 27 additions and 3 deletions


@@ -1,5 +1,6 @@
firewall: firewall:
hostgroups: hostgroups:
analyst: []
anywhere: anywhere:
- 0.0.0.0/0 - 0.0.0.0/0
beats_endpoint: [] beats_endpoint: []
@@ -215,9 +216,9 @@ firewall:
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- strelka_frontend - strelka_frontend
workstation: analyst:
portgroups: portgroups:
- yum - nginx
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -441,6 +442,9 @@ firewall:
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni - sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -626,6 +630,9 @@ firewall:
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni - sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -816,6 +823,9 @@ firewall:
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni - sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -1187,6 +1197,9 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
analyst:
portgroups:
- nginx
workstation: workstation:
portgroups: portgroups:
- yum - yum
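Review bot: The second hunk (`@@ -215,9 +216,9 @@`) replaces the `workstation:` entry and its `- yum` portgroup with `analyst:` / `- nginx` rather than adding `analyst` beside it, so as far as the hunk shows the workstation hostgroup loses its rule in that role's chain. The other four role hunks only add an `analyst` entry, and the last one keeps `workstation:` / `- yum` directly after it, so the swap looks unintended. The second file on this page also still lists `workstation` with `portgroups` in every role section it touches. If workstations in that role still need `yum`, keep the original three lines and insert `analyst:` / `portgroups:` / `- nginx` above them. The role this hunk belongs to lies outside the visible context, so confirm against the full file.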


@@ -1,6 +1,6 @@
firewall: firewall:
hostgroups: hostgroups:
workstation: &hostgroupsettings analyst: &hostgroupsettings
description: List of IP or CIDR blocks to allow access to this hostgroup. description: List of IP or CIDR blocks to allow access to this hostgroup.
forcedType: "[]string" forcedType: "[]string"
helplink: firewall.html helplink: firewall.html
@@ -45,6 +45,7 @@ firewall:
standalone: *hostgroupsettings standalone: *hostgroupsettings
strelka_frontend: *hostgroupsettings strelka_frontend: *hostgroupsettings
syslog: *hostgroupsettings syslog: *hostgroupsettings
workstation: *hostgroupsettings
customhostgroup0: &customhostgroupsettings customhostgroup0: &customhostgroupsettings
description: List of IP or CIDR blocks to allow to this hostgroup. description: List of IP or CIDR blocks to allow to this hostgroup.
forcedType: "[]string" forcedType: "[]string"
@@ -213,6 +214,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
syslog: syslog:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation: workstation:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
@@ -361,6 +364,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
endgame: endgame:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation: workstation:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
@@ -450,6 +455,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
syslog: syslog:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation: workstation:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
@@ -545,6 +552,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
syslog: syslog:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation: workstation:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
@@ -811,6 +820,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
elastic_agent_endpoint: elastic_agent_endpoint:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation: workstation:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
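Review bot: Moving `&hostgroupsettings` from `workstation` to `analyst` in the first hunk makes the position of `analyst` load-bearing. Every `*hostgroupsettings` alias further down, including the new `workstation: *hostgroupsettings`, resolves only while the anchored key stays above it. A comment above the anchored key would guard against a later re-sort or rename, e.g. `# anchor definition: must stay above every *hostgroupsettings alias`. Separately, `analyst` inherits the generic description; since the defaults file wires it to the `nginx` portgroup, a dedicated description naming what the listed addresses can reach would help operators keep the list narrow.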