update soc_firewall.yaml

2025-12-07 17:52:46 +01:00 · 2022-09-23 13:08:03 -04:00
parent 2b9322b823
commit 3e2be096be
1 changed files with 48 additions and 3 deletions
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
@@ -1,10 +1,10 @@
 firewall:
  hostgroups:
-    analyst_workstation:
+    analyst_workstations:
      description: List of IP Addresses or CIDR blocks to allow analyst workstations.
      file: True
      global: True
-      title: Analyst Workstation
+      title: Analyst Workstations
      helpLink: firewall.html#host-groups
    analyst: 
      description: List of IP Addresses or CIDR blocks to allow analyst connections.
@@ -12,6 +12,51 @@ firewall:
      global: True
      title: Analyst
      helpLink: firewall.html#host-groups
+    beats_endpoint:
+      description: List of IP Addresses or CIDR blocks of standard beats without encryption.
+      file: True
+      global: True
+      title: Beats Endpoints
+      helpLink: firewall.html#host-groups
+    beats_endpoint_ssl:
+      description: List of IP Addresses or CIDR blocks of standard beats with encryption.
+      file: True
+      global: True
+      title: Beats Endpoints SSL
+      helplink: firewall.html#host-groups
+    elastic_agent_endpoint:
+      description: List of IP Addresses or CIDR blocks for Elastic Agent connections.
+      file: True
+      global: True
+      title: Elastic Agents
+      helplink: firewall.html#host-groups
+    elasticsearch_rest:
+      description: List of IP Addresses or CIDR blocks to allow access directly to Elasticsearch.
+      file: True
+      global: True
+      title: Elasticsearch Rest
+      advanced: True
+      helplink: firewall.html#host-groups
+    endgame:
+      description: List of IP Addresses or CIDR blocks to allow endgame access.
+      file: True
+      global: True
+      title: Endgame
+      advanced: True
+      helplink: firewall.html#host-groups
+    strelka_frontend:
+      description: List of IP Addresses or CIDR blocks to allow access to the Strelka front end.
+      file: True
+      global: True
+      title: Strelka Frontend
+      advanced: True
+      helplink: firewall.html#host-groups
+    syslog:
+      description: List of IP Addresses or CIDR blocks to allow syslog.
+      file: True
+      global: True
+      title: Syslog Endpoint Traffic
+      helplink: firewall.html#host-groups
    standalone: 
      description: List of IP Addresses or CIDR blocks to allow standalone connections.
      file: True
@@ -30,7 +75,7 @@ firewall:
      description: List of IP Addresses or CIDR blocks to allow idh connections.
      file: True
      global: True
-      title: IDHNode
+      title: IDH Nodes
      helpLink: firewall.html#host-groups
    manager: 
      description: List of IP Addresses or CIDR blocks to allow manager connections.