Merge pull request #9853 from Security-Onion-Solutions/somefixes2

custom hostgroups in soc ui

salt/firewall/soc/defaults_soc_firewall.yaml

@@ -31,40 +31,40 @@ firewall:
       file: True
       global: True
       title: Beats Endpoints SSL
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     elastic_agent_endpoint:
       description: List of IP addresses or CIDR blocks for Elastic Agent connections.
       file: True
       global: True
       title: Elastic Agents
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     elasticsearch_rest:
       description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch.
       file: True
       global: True
       title: Elasticsearch Rest
       advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     endgame:
       description: List of IP addresses or CIDR blocks to allow Endgame access.
       file: True
       global: True
       title: Endgame
       advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     strelka_frontend:
       description: List of IP addresses or CIDR blocks to allow access to the Strelka front end.
       file: True
       global: True
       title: Strelka Frontend
       advanced: True
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     syslog:
       description: List of IP addresses or CIDR blocks to allow syslog.
       file: True
       global: True
       title: Syslog Endpoint Traffic
-      helplink: firewall.html#host-groups
+      helpLink: firewall.html#host-groups
     standalone: 
       description: List of IP addresses or CIDR blocks to allow standalone connections.
       file: True

salt/firewall/soc/init.sls

@@ -0,0 +1,5 @@
+soc_firewall_yaml:
+  file.managed:
+    - name: /opt/so/saltstack/default/salt/firewall/soc_firewall.yaml
+    - source: salt://firewall/soc/soc_firewall.yaml.jinja
+    - template: jinja

salt/firewall/soc/soc.map.jinja

@@ -0,0 +1,9 @@
+{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
+{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
+{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
+
+{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
+{%   set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
+{%   set title = group[0]|upper ~ group[1:] %}
+{%   do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
+{% endfor %}

salt/firewall/soc/soc_firewall.yaml.jinja

@@ -0,0 +1,2 @@
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
+{{ SOC_FIREWALL | yaml(False) }}

salt/top.sls

@@ -77,6 +77,7 @@ base:
     - telegraf
     - influxdb
     - soc
+    - firewall.soc
     - kratos
     - firewall
     - idstools
@@ -121,6 +122,7 @@ base:
     - telegraf
     - influxdb
     - soc
+    - firewall.soc
     - kratos
     - firewall
     - manager
@@ -163,6 +165,7 @@ base:
     - telegraf
     - influxdb
     - soc
+    - firewall.soc
     - kratos
     - firewall
     - idstools
@@ -227,6 +230,7 @@ base:
     - telegraf
     - influxdb
     - soc
+    - firewall.soc
     - kratos
     - firewall
     - manager
@@ -296,6 +300,7 @@ base:
     - telegraf
     - influxdb
     - soc
+    - firewall.soc
     - kratos
     - firewall
     - idstools