diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index e630736b3..9ff89231e 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
@@ -1,10 +1,10 @@
 firewall:
 hostgroups:
- analyst_workstation:
+ analyst_workstations:
 description: List of IP Addresses or CIDR blocks to allow analyst workstations.
 file: True
 global: True
- title: Analyst Workstation
+ title: Analyst Workstations
 helpLink: firewall.html#host-groups
 analyst:
 description: List of IP Addresses or CIDR blocks to allow analyst connections.
@@ -12,6 +12,51 @@ firewall:
 global: True
 title: Analyst
 helpLink: firewall.html#host-groups
+ beats_endpoint:
+ description: List of IP Addresses or CIDR blocks of standard beats without encryption.
+ file: True
+ global: True
+ title: Beats Endpoints
+ helpLink: firewall.html#host-groups
+ beats_endpoint_ssl:
+ description: List of IP Addresses or CIDR blocks of standard beats with encryption.
+ file: True
+ global: True
+ title: Beats Endpoints SSL
+ helplink: firewall.html#host-groups
+ elastic_agent_endpoint:
+ description: List of IP Addresses or CIDR blocks for Elastic Agent connections.
+ file: True
+ global: True
+ title: Elastic Agents
+ helplink: firewall.html#host-groups
+ elasticsearch_rest:
+ description: List of IP Addresses or CIDR blocks to allow access directly to Elasticsearch.
+ file: True
+ global: True
+ title: Elasticsearch Rest
+ advanced: True
+ helplink: firewall.html#host-groups
+ endgame:
+ description: List of IP Addresses or CIDR blocks to allow endgame access.
+ file: True
+ global: True
+ title: Endgame
+ advanced: True
+ helplink: firewall.html#host-groups
+ strelka_frontend:
+ description: List of IP Addresses or CIDR blocks to allow access to the Strelka front end.
+ file: True
+ global: True
+ title: Strelka Frontend
+ advanced: True
+ helplink: firewall.html#host-groups
+ syslog:
+ description: List of IP Addresses or CIDR blocks to allow syslog.
+ file: True
+ global: True
+ title: Syslog Endpoint Traffic
+ helplink: firewall.html#host-groups
 standalone:
 description: List of IP Addresses or CIDR blocks to allow standalone connections.
 file: True
@@ -30,7 +75,7 @@ firewall:
 description: List of IP Addresses or CIDR blocks to allow idh connections.
 file: True
 global: True
- title: IDHNode
+ title: IDH Nodes
 helpLink: firewall.html#host-groups
 manager:
 description: List of IP Addresses or CIDR blocks to allow manager connections.
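Review bot: In the `@@ -12,6 +12,51 @@` hunk, six of the seven added host groups (`beats_endpoint_ssl`, `elastic_agent_endpoint`, `elasticsearch_rest`, `endgame`, `strelka_frontend`, `syslog`) spell the key `helplink`, while `beats_endpoint` and every existing entry visible in this file use `helpLink`. YAML mapping keys are case-sensitive, so if the consumer of these annotations looks up `helpLink`, the help link will presumably be missing for those groups; each should read `helpLink: firewall.html#host-groups`. Separately, the `beats_endpoint` description could say what the operator is accepting by adding an address there, for example `description: List of IP Addresses or CIDR blocks of standard beats without encryption. Use beats_endpoint_ssl where the shipper supports it.`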