Firewall Fun

Mike Reeves
2022-09-16 12:55:56 -04:00
parent 943b98f091
commit f14a8f3d01
2 changed files with 93 additions and 1 deletions


@@ -0,0 +1,89 @@
firewall:
hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet:
ips:
delete:
insert:
- 172.17.0.0/24
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert: []
analyst:
ips:
delete: []
insert: [127.0.0.1]
beats_endpoint:
ips:
delete: []
insert: [127.0.0.1]
beats_endpoint_ssl:
ips:
delete: []
insert: []
elastic_agent_endpoint:
ips:
delete: []
insert: [127.0.0.1]
elasticsearch_rest:
ips:
delete: []
insert: []
endgame:
ips:
delete: []
insert: [127.0.0.1]
fleet:
ips:
delete: []
insert: []
heavy_node:
ips:
delete: []
insert: []
idh:
ips:
delete: []
insert: []
manager:
ips:
delete: []
insert: [127.0.0.1]
minion:
ips:
delete: []
insert: [127.0.0.1]
node:
ips:
delete: []
insert: []
receiver:
ips:
delete: []
insert: []
search_node:
ips:
delete: []
insert: [127.0.0.1]
sensor:
ips:
delete: []
insert: [127.0.0.1]
strelka_frontend:
ips:
delete: []
insert: []
syslog:
ips:
delete: []
insert: []
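Review bot: The `anywhere`, `dockernet`, `localhost` and `self` hostgroups leave `delete:` bare, which YAML loads as null, while every other hostgroup in this file uses `delete: []`. Whatever renders these defaults into firewall rules is not visible here, but if it iterates over `delete` it will hit a null for exactly these four groups, so write `delete: []` in all four to keep one type throughout. Separately, `dockernet` is pinned to `172.17.0.0/24`; if the Docker bridge on a node uses a wider or different range, container addresses outside that /24 will not match the hostgroup. A comment above it such as `# must match the Docker bridge subnet configured for this grid` would make that dependency explicit. The page has lost the file's indentation, so the nesting itself could not be checked.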


@@ -25,13 +25,16 @@ idstools:
file: True
global: True
advanced: True
title: Local Rules
filters__rules:
description: You can set custom filters for Suricata when using it for meta data creation.
file: True
global: True
advanced: True
title: Filter Rules
extraction__rules:
description: This is a list of mime types for file extraction when Suricata is used for meta data creation.
file: True
global: True
advanced: True
title: Extraction Rules