Merge pull request #9853 from Security-Onion-Solutions/somefixes2

custom hostgroups in soc ui
2025-12-06 09:12:45 +01:00 · 2023-02-24 16:25:48 -05:00
parent aed41404fc d12ea041bf
commit dd8f6a460b
6 changed files with 35 additions and 6 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -60,6 +60,8 @@ base:
    - elasticsearch.adv_elasticsearch
    - backup.soc_backup
    - backup.adv_backup
+    - firewall.soc_firewall
+    - firewall.adv_firewall
    - minions.{{ grains.id }}
    - minions.adv_{{ grains.id }}

@@ -94,6 +96,8 @@ base:
    - influxdb.adv_influxdb
    - backup.soc_backup
    - backup.adv_backup
+    - firewall.soc_firewall
+    - firewall.adv_firewall
    - minions.{{ grains.id }}
    - minions.adv_{{ grains.id }}

@@ -125,6 +129,8 @@ base:
    - soc.soc_soc
    - backup.soc_backup
    - backup.adv_backup
+    - firewall.soc_firewall
+    - firewall.adv_firewall
    - minions.{{ grains.id }}
    - minions.adv_{{ grains.id }}

@@ -197,6 +203,8 @@ base:
    - redis.adv_redis
    - influxdb.soc_influxdb
    - influxdb.adv_influxdb
+    - firewall.soc_firewall
+    - firewall.adv_firewall
    - minions.{{ grains.id }}
    - minions.adv_{{ grains.id }}

--- a/salt/firewall/soc/defaults_soc_firewall.yaml
+++ b/salt/firewall/soc/defaults_soc_firewall.yaml
@@ -31,40 +31,40 @@ firewall:
      file: True
      global: True
      title: Beats Endpoints SSL
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    elastic_agent_endpoint:
      description: List of IP addresses or CIDR blocks for Elastic Agent connections.
      file: True
      global: True
      title: Elastic Agents
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    elasticsearch_rest:
      description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch.
      file: True
      global: True
      title: Elasticsearch Rest
      advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    endgame:
      description: List of IP addresses or CIDR blocks to allow Endgame access.
      file: True
      global: True
      title: Endgame
      advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    strelka_frontend:
      description: List of IP addresses or CIDR blocks to allow access to the Strelka front end.
      file: True
      global: True
      title: Strelka Frontend
      advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    syslog:
      description: List of IP addresses or CIDR blocks to allow syslog.
      file: True
      global: True
      title: Syslog Endpoint Traffic
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
    standalone: 
      description: List of IP addresses or CIDR blocks to allow standalone connections.
      file: True
--- a/salt/firewall/soc/init.sls
+++ b/salt/firewall/soc/init.sls
@@ -0,0 +1,5 @@
+soc_firewall_yaml:
+  file.managed:
+    - name: /opt/so/saltstack/default/salt/firewall/soc_firewall.yaml
+    - source: salt://firewall/soc/soc_firewall.yaml.jinja
+    - template: jinja
--- a/salt/firewall/soc/soc.map.jinja
+++ b/salt/firewall/soc/soc.map.jinja
@@ -0,0 +1,9 @@
+{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
+{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
+{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
+
+{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
+{%   set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
+{%   set title = group[0]|upper ~ group[1:] %}
+{%   do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
+{% endfor %}
--- a/salt/firewall/soc/soc_firewall.yaml.jinja
+++ b/salt/firewall/soc/soc_firewall.yaml.jinja
@@ -0,0 +1,2 @@
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
+{{ SOC_FIREWALL | yaml(False) }}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -77,6 +77,7 @@ base:
    - telegraf
    - influxdb
    - soc
+    - firewall.soc
    - kratos
    - firewall
    - idstools
@@ -121,6 +122,7 @@ base:
    - telegraf
    - influxdb
    - soc
+    - firewall.soc
    - kratos
    - firewall
    - manager
@@ -163,6 +165,7 @@ base:
    - telegraf
    - influxdb
    - soc
+    - firewall.soc
    - kratos
    - firewall
    - idstools
@@ -227,6 +230,7 @@ base:
    - telegraf
    - influxdb
    - soc
+    - firewall.soc
    - kratos
    - firewall
    - manager
@@ -296,6 +300,7 @@ base:
    - telegraf
    - influxdb
    - soc
+    - firewall.soc
    - kratos
    - firewall
    - idstools