mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
add rules for idh to connect to managers, change idh from sensor to idh in so-firewall-minion
This commit is contained in:
m0duspwnens
@@ -383,6 +383,17 @@ firewall:
|
|||||||
- elastic_agent_control
|
- elastic_agent_control
|
||||||
- elastic_agent_data
|
- elastic_agent_data
|
||||||
- elastic_agent_update
|
- elastic_agent_update
|
||||||
|
idh:
|
||||||
|
portgroups:
|
||||||
|
- docker_registry
|
||||||
|
- influxdb
|
||||||
|
- sensoroni
|
||||||
|
- yum
|
||||||
|
- beats_5044
|
||||||
|
- beats_5644
|
||||||
|
- elastic_agent_control
|
||||||
|
- elastic_agent_data
|
||||||
|
- elastic_agent_update
|
||||||
sensor:
|
sensor:
|
||||||
portgroups:
|
portgroups:
|
||||||
- beats_5044
|
- beats_5044
|
||||||
@@ -548,6 +559,17 @@ firewall:
|
|||||||
- elastic_agent_control
|
- elastic_agent_control
|
||||||
- elastic_agent_data
|
- elastic_agent_data
|
||||||
- elastic_agent_update
|
- elastic_agent_update
|
||||||
|
idh:
|
||||||
|
portgroups:
|
||||||
|
- docker_registry
|
||||||
|
- influxdb
|
||||||
|
- sensoroni
|
||||||
|
- yum
|
||||||
|
- beats_5044
|
||||||
|
- beats_5644
|
||||||
|
- elastic_agent_control
|
||||||
|
- elastic_agent_data
|
||||||
|
- elastic_agent_update
|
||||||
sensor:
|
sensor:
|
||||||
portgroups:
|
portgroups:
|
||||||
- beats_5044
|
- beats_5044
|
||||||
@@ -723,6 +745,17 @@ firewall:
|
|||||||
- elastic_agent_control
|
- elastic_agent_control
|
||||||
- elastic_agent_data
|
- elastic_agent_data
|
||||||
- elastic_agent_update
|
- elastic_agent_update
|
||||||
|
idh:
|
||||||
|
portgroups:
|
||||||
|
- docker_registry
|
||||||
|
- influxdb
|
||||||
|
- sensoroni
|
||||||
|
- yum
|
||||||
|
- beats_5044
|
||||||
|
- beats_5644
|
||||||
|
- elastic_agent_control
|
||||||
|
- elastic_agent_data
|
||||||
|
- elastic_agent_update
|
||||||
sensor:
|
sensor:
|
||||||
portgroups:
|
portgroups:
|
||||||
- docker_registry
|
- docker_registry
|
||||||
|
|||||||
@@ -74,7 +74,7 @@ fi
|
|||||||
so-firewall includehost heavynode "$IP" --apply
|
so-firewall includehost heavynode "$IP" --apply
|
||||||
;;
|
;;
|
||||||
'IDH')
|
'IDH')
|
||||||
so-firewall includehost sensor "$IP" --apply
|
so-firewall includehost idh "$IP" --apply
|
||||||
;;
|
;;
|
||||||
'RECEIVER')
|
'RECEIVER')
|
||||||
so-firewall includehost receiver "$IP" --apply
|
so-firewall includehost receiver "$IP" --apply
|
||||||
|
|||||||
Reference in New Issue
Block a user