Merge pull request #9853 from Security-Onion-Solutions/somefixes2

custom hostgroups in soc ui
Josh Patterson
2023-02-24 16:25:48 -05:00
committed by GitHub
6 changed files with 35 additions and 6 deletions


@@ -60,6 +60,8 @@ base:
- elasticsearch.adv_elasticsearch - elasticsearch.adv_elasticsearch
- backup.soc_backup - backup.soc_backup
- backup.adv_backup - backup.adv_backup
- firewall.soc_firewall
- firewall.adv_firewall
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
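Review bot: The pillar top now includes `firewall.soc_firewall` and `firewall.adv_firewall` for this role, yet none of the six files in this change is a pillar SLS of either name; if the corresponding files (presumably `firewall/soc_firewall.sls` and `firewall/adv_firewall.sls` under the pillar root) do not already exist, every matched minion's pillar render fails with a missing-SLS error that surfaces only in the master log, not in the SOC UI. The same two lines are added in the hunks at 94, 125 and 197. If the files already exist or are produced by another change, a short comment above the first include naming where they come from would spare the next reader the search.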
@@ -94,6 +96,8 @@ base:
- influxdb.adv_influxdb - influxdb.adv_influxdb
- backup.soc_backup - backup.soc_backup
- backup.adv_backup - backup.adv_backup
- firewall.soc_firewall
- firewall.adv_firewall
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
@@ -125,6 +129,8 @@ base:
- soc.soc_soc - soc.soc_soc
- backup.soc_backup - backup.soc_backup
- backup.adv_backup - backup.adv_backup
- firewall.soc_firewall
- firewall.adv_firewall
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
@@ -197,6 +203,8 @@ base:
- redis.adv_redis - redis.adv_redis
- influxdb.soc_influxdb - influxdb.soc_influxdb
- influxdb.adv_influxdb - influxdb.adv_influxdb
- firewall.soc_firewall
- firewall.adv_firewall
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}


@@ -31,40 +31,40 @@ firewall:
file: True file: True
global: True global: True
title: Beats Endpoints SSL title: Beats Endpoints SSL
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
elastic_agent_endpoint: elastic_agent_endpoint:
description: List of IP addresses or CIDR blocks for Elastic Agent connections. description: List of IP addresses or CIDR blocks for Elastic Agent connections.
file: True file: True
global: True global: True
title: Elastic Agents title: Elastic Agents
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
elasticsearch_rest: elasticsearch_rest:
description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch. description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch.
file: True file: True
global: True global: True
title: Elasticsearch Rest title: Elasticsearch Rest
advanced: True advanced: True
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
endgame: endgame:
description: List of IP addresses or CIDR blocks to allow Endgame access. description: List of IP addresses or CIDR blocks to allow Endgame access.
file: True file: True
global: True global: True
title: Endgame title: Endgame
advanced: True advanced: True
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
strelka_frontend: strelka_frontend:
description: List of IP addresses or CIDR blocks to allow access to the Strelka front end. description: List of IP addresses or CIDR blocks to allow access to the Strelka front end.
file: True file: True
global: True global: True
title: Strelka Frontend title: Strelka Frontend
advanced: True advanced: True
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
syslog: syslog:
description: List of IP addresses or CIDR blocks to allow syslog. description: List of IP addresses or CIDR blocks to allow syslog.
file: True file: True
global: True global: True
title: Syslog Endpoint Traffic title: Syslog Endpoint Traffic
helplink: firewall.html#host-groups helpLink: firewall.html#host-groups
standalone: standalone:
description: List of IP addresses or CIDR blocks to allow standalone connections. description: List of IP addresses or CIDR blocks to allow standalone connections.
file: True file: True
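Review bot: The `helplink` → `helpLink` rename is applied to the six hostgroups visible between lines 31 and 70, but the hunk ends inside the `standalone` entry and does not show the entries above line 31, so their key spelling is not visible here; the UI will look up one spelling, and any entry still carrying `helplink` would silently lose its help link rather than fail loudly. A grep for `helplink` across the defaults file before merge would confirm the rename is complete. The enclosing `hostgroups` mapping starts above and ends below this hunk.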


@@ -0,0 +1,5 @@
soc_firewall_yaml:
file.managed:
- name: /opt/so/saltstack/default/salt/firewall/soc_firewall.yaml
- source: salt://firewall/soc/soc_firewall.yaml.jinja
- template: jinja
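Review bot: `soc_firewall_yaml` writes the rendered hostgroup config into the default salt tree without `user`, `group` or `mode`, so the file's ownership and permissions come from Salt's defaults (or from whatever file already exists at that path) rather than from the state; for a config the SOC UI reads, pin them explicitly, e.g. `- user: root`, `- group: root`, `- mode: '0644'`, with values matching what the consuming state expects. A one-line comment above the state, such as `# Merge defaults_soc_firewall.yaml with pillar firewall:custom_groups:groups into the firewall config exposed to the SOC UI`, would also explain why a generated file lives in the default tree.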


@@ -0,0 +1,9 @@
{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
{% set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
{% set title = group[0]|upper ~ group[1:] %}
{% do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
{% endfor %}
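Review bot: The per-group entries on line 7 are written with `'file': 'True', 'global': 'True'` — Jinja strings — whereas `defaults_soc_firewall.yaml` stores these as bare YAML `True` booleans, so after `yaml(False)` the custom groups serialise as quoted strings and the built-in ones as booleans; unless the UI coerces both, use Jinja booleans, `'file': True, 'global': True`. The title expression `group[0]|upper ~ group[1:]` assumes every pillar key is a non-empty string, and a numeric or empty key would break the render — and with it the whole generated firewall config — so a guard such as `{% if group is string and group|length > 0 %}` around the body (or validation where the names are entered) would keep one bad entry from taking the file down. Finally, `{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}` aliases rather than copies the imported mapping, so the `update` calls mutate the imported structure; harmless here, but a comment such as `{# SOC_FIREWALL is the imported defaults mapping, mutated in place #}` would make that deliberate.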

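--- /dev/null
+++ b/firewall/soc/soc_firewall.yaml.jinja
@@ -0,0 +1,2 @@
+{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
+{{ SOC_FIREWALL | yaml(False) }}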


@@ -77,6 +77,7 @@ base:
- telegraf - telegraf
- influxdb - influxdb
- soc - soc
- firewall.soc
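Review bot: `firewall.soc` is inserted after `soc` in this role's state list, but it is the state that renders `soc_firewall.yaml` into the default salt tree, and nothing here expresses that relationship — top-file order is honoured only through `state_auto_order` and is not a dependency. If the `soc` state consumes that file, either give the consumer a `require` on `soc_firewall_yaml` (and list `firewall.soc` ahead of `soc`) or add a comment above this line noting that a newly added custom group is picked up on the following highstate, so the behaviour is explicit rather than incidental. The same insertion appears in the hunks at 121, 163, 227 and 296.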
- kratos - kratos
- firewall - firewall
- idstools - idstools
@@ -121,6 +122,7 @@ base:
- telegraf - telegraf
- influxdb - influxdb
- soc - soc
- firewall.soc
- kratos - kratos
- firewall - firewall
- manager - manager
@@ -163,6 +165,7 @@ base:
- telegraf - telegraf
- influxdb - influxdb
- soc - soc
- firewall.soc
- kratos - kratos
- firewall - firewall
- idstools - idstools
@@ -227,6 +230,7 @@ base:
- telegraf - telegraf
- influxdb - influxdb
- soc - soc
- firewall.soc
- kratos - kratos
- firewall - firewall
- manager - manager
@@ -296,6 +300,7 @@ base:
- telegraf - telegraf
- influxdb - influxdb
- soc - soc
- firewall.soc
- kratos - kratos
- firewall - firewall
- idstools - idstools