diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index fc5368e12..b9bfdbf63 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -10,6 +10,7 @@ firewall:
elasticsearch_rest: []
endgame: []
eval: []
+ external_suricata: []
fleet: []
heavynode: []
idh: []
@@ -86,6 +87,10 @@ firewall:
tcp:
- 3765
udp: []
+ external_suricata:
+ tcp:
+ - 7789
+ udp: []
influxdb:
tcp:
- 8086
@@ -216,6 +221,9 @@ firewall:
analyst:
portgroups:
- nginx
+ external_suricata:
+ portgroups:
+ - external_suricata
customhostgroup0:
portgroups: []
customhostgroup1:
@@ -462,6 +470,9 @@ firewall:
endgame:
portgroups:
- endgame
+ external_suricata:
+ portgroups:
+ - external_suricata
desktop:
portgroups:
- docker_registry
@@ -654,6 +665,9 @@ firewall:
endgame:
portgroups:
- endgame
+ external_suricata:
+ portgroups:
+ - external_suricata
desktop:
portgroups:
- docker_registry
@@ -850,6 +864,9 @@ firewall:
endgame:
portgroups:
- endgame
+ external_suricata:
+ portgroups:
+ - external_suricata
strelka_frontend:
portgroups:
- strelka_frontend
@@ -1216,6 +1233,9 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
+ external_suricata:
+ portgroups:
+ - external_suricata
analyst:
portgroups:
- nginx
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index 3a8b4d3a0..222bcc8a2 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
@@ -32,6 +32,7 @@ firewall:
elasticsearch_rest: *hostgroupsettingsadv
endgame: *hostgroupsettingsadv
eval: *hostgroupsettings
+ external_suricata: *hostgroupsettings
fleet: *hostgroupsettings
heavynode: *hostgroupsettings
idh: *hostgroupsettings
@@ -117,6 +118,9 @@ firewall:
endgame:
tcp: *tcpsettings
udp: *udpsettings
+ external_suricata:
+ tcp: *tcpsettings
+ udp: *udpsettings
influxdb:
tcp: *tcpsettings
udp: *udpsettings
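Review bot: The new hostgroup `external_suricata: []` in the hunk at line 10 has no comment saying which hosts are meant to go in it, yet its member list is what gates the inbound port this commit opens (TCP 7789 in the hunk at line 87, wired to the hostgroup in the role sections from line 221 on). The empty default presumably admits nothing until an operator populates the list, which reads as the right safe default, and a one-line comment would make that explicit: `# external_suricata: hosts allowed to reach the external_suricata portgroup (TCP 7789); empty by default, so nothing is admitted until configured`. The surrounding hostgroup entries carry no comments either, so this is a style choice for the file, but a group that unlocks a new listener is the place to start.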
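Review bot: Port 7789 in the new `external_suricata` portgroup (hunk at line 87) is a bare number with nothing naming the service that listens on it, so a later reader cannot tell whether the rule is still needed or whether the listener has moved. The neighbouring entries (3765, 8086) are written the same way, so this matches the file, but a newly opened inbound port is worth annotating: `- 7789  # <service listening on TCP 7789 - fill in>`. The explicit `udp: []` is correct here; a bare `udp:` would parse as null rather than an empty list.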
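Review bot: The same three-line `external_suricata: portgroups: - external_suricata` block is inserted at a different relative position in each role section: between `analyst` and `customhostgroup0` in the hunk at line 221, after `endgame` in the hunks at lines 470, 665 and 864, and before `analyst` after the elastic_agent entries in the hunk at line 1233. Nothing in the YAML depends on the order, but keeping the entry at the same spot in every role section (for example directly after `endgame`, as three of the five hunks already do) makes the per-role allow lists diffable against each other. The role headings themselves sit outside every hunk, so which roles now accept inbound TCP 7789 from this hostgroup cannot be confirmed from the diff alone; worth checking that each receiving role actually runs the listener.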
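Review bot: In soc_firewall.yaml the new entry `external_suricata: *hostgroupsettings` (hunk at line 32) takes the basic settings anchor, while the two entries directly above it, `elasticsearch_rest` and `endgame`, use `*hostgroupsettingsadv`, and `eval` and `fleet` below it use the basic one. The anchor definitions are outside the hunk, so what distinguishes the two cannot be read from here; if the `adv` variant marks hostgroups that should only be editable in an advanced view, confirm the basic variant is the intended choice for a group whose members are granted a new inbound port. A short comment on the line, such as `# basic settings: operators are expected to populate this group themselves`, would record the decision either way.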
@@ -215,6 +219,8 @@ firewall:
portgroups: *portgroupsdocker
elastic_agent_endpoint:
portgroups: *portgroupsdocker
+ external_suricata:
+ portgroups: *portgroupsdocker
strelka_frontend:
portgroups: *portgroupsdocker
syslog:
@@ -370,6 +376,8 @@ firewall:
portgroups: *portgroupsdocker
endgame:
portgroups: *portgroupsdocker
+ external_suricata:
+ portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
desktop:
@@ -463,6 +471,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
+ external_suricata:
+ portgroups: *portgroupsdocker
desktop:
portgroups: *portgroupsdocker
customhostgroup0:
@@ -554,6 +564,8 @@ firewall:
portgroups: *portgroupsdocker
endgame:
portgroups: *portgroupsdocker
+ external_suricata:
+ portgroups: *portgroupsdocker
strelka_frontend:
portgroups: *portgroupsdocker
syslog:
@@ -828,6 +840,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
+ external_suricata:
+ portgroups: *portgroupsdocker
desktop:
portgroups: *portgroupsdocker
customhostgroup0:
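Review bot: The `external_suricata: portgroups: *portgroupsdocker` pair added in the hunk at line 219 (and again at lines 376, 471, 564 and 840) must line up one-to-one with the role sections that received the matching rule in defaults.yaml, otherwise the UI settings and the enforced rule drift apart for some role. Both files gain the entry in exactly five role sections, which is consistent, but the role headings are outside every hunk here, so the pairing cannot be verified from the diff itself. As in defaults.yaml, the entry lands at a different neighbour in each section (after `elastic_agent_endpoint`, after `endgame`, after `analyst`); choosing one position and using it in all five sections would make the two files easier to cross-check.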