CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

update soc_firewall.yaml

Browse Source
This commit is contained in:
Mike Reeves
2022-09-23 13:08:03 -04:00
parent 2b9322b823
commit 3e2be096be
1 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
salt/firewall/soc_firewall.yaml
View File

@@ -1,10 +1,10 @@
firewall: firewall:
hostgroups: hostgroups:
analyst_workstation: analyst_workstations:
description: List of IP Addresses or CIDR blocks to allow analyst workstations. description: List of IP Addresses or CIDR blocks to allow analyst workstations.
file: True file: True
global: True global: True
title: Analyst Workstation title: Analyst Workstations
helpLink: firewall.html#host-groups helpLink: firewall.html#host-groups
analyst: analyst:
description: List of IP Addresses or CIDR blocks to allow analyst connections. description: List of IP Addresses or CIDR blocks to allow analyst connections.
@@ -12,6 +12,51 @@ firewall:
global: True global: True
title: Analyst title: Analyst
helpLink: firewall.html#host-groups helpLink: firewall.html#host-groups
beats_endpoint:
description: List of IP Addresses or CIDR blocks of standard beats without encryption.
file: True
global: True
title: Beats Endpoints
helpLink: firewall.html#host-groups
beats_endpoint_ssl:
description: List of IP Addresses or CIDR blocks of standard beats with encryption.
file: True
global: True
title: Beats Endpoints SSL
helplink: firewall.html#host-groups
elastic_agent_endpoint:
description: List of IP Addresses or CIDR blocks for Elastic Agent connections.
file: True
global: True
title: Elastic Agents
helplink: firewall.html#host-groups
elasticsearch_rest:
description: List of IP Addresses or CIDR blocks to allow access directly to Elasticsearch.
file: True
global: True
title: Elasticsearch Rest
advanced: True
helplink: firewall.html#host-groups
endgame:
description: List of IP Addresses or CIDR blocks to allow endgame access.
file: True
global: True
title: Endgame
advanced: True
helplink: firewall.html#host-groups
strelka_frontend:
description: List of IP Addresses or CIDR blocks to allow access to the Strelka front end.
file: True
global: True
title: Strelka Frontend
advanced: True
helplink: firewall.html#host-groups
syslog:
description: List of IP Addresses or CIDR blocks to allow syslog.
file: True
global: True
title: Syslog Endpoint Traffic
helplink: firewall.html#host-groups
standalone: standalone:
description: List of IP Addresses or CIDR blocks to allow standalone connections. description: List of IP Addresses or CIDR blocks to allow standalone connections.
file: True file: True
@@ -30,7 +75,7 @@ firewall:
description: List of IP Addresses or CIDR blocks to allow idh connections. description: List of IP Addresses or CIDR blocks to allow idh connections.
file: True file: True
global: True global: True
title: IDHNode title: IDH Nodes
helpLink: firewall.html#host-groups helpLink: firewall.html#host-groups
manager: manager:
description: List of IP Addresses or CIDR blocks to allow manager connections. description: List of IP Addresses or CIDR blocks to allow manager connections.