{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% import_yaml 'firewall/portgroups.yaml' as portgroups %} {% set portgroups = portgroups.firewall.aliases.ports %} {% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} role: eval: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.wazuh_agent }} - {{ portgroups.wazuh_api }} - {{ portgroups.wazuh_authd }} - {{ portgroups.playbook }} - {{ portgroups.mysql }} - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.influxdb }} - {{ portgroups.fleet_api }} - {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }} minion: portgroups: - {{ portgroups.acng }} - {{ portgroups.docker_registry }} - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} - {{ portgroups.sensoroni }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} heavy_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} strelka_frontend: portgroups: - {{ portgroups.strelka_frontend }} syslog: portgroups: - {{ portgroups.syslog }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} wazuh_api: portgroups: - {{ portgroups.wazuh_api }} wazuh_authd: portgroups: - {{ portgroups.wazuh_authd }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} manager: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.wazuh_agent }} - {{ portgroups.wazuh_api }} - {{ portgroups.wazuh_authd }} - {{ portgroups.playbook }} - {{ portgroups.mysql }} - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.influxdb }} - {{ portgroups.fleet_api }} - {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }} {% if ISAIRGAP is sameas true %} - {{ portgroups.agrules }} {% endif %} minion: portgroups: - {{ portgroups.acng }} - {{ portgroups.docker_registry }} - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} - {{ portgroups.sensoroni }} {% if ISAIRGAP is sameas true %} - {{ portgroups.yum }} {% endif %} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.beats_5644 }} heavy_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.beats_5644 }} self: portgroups: - {{ portgroups.syslog}} syslog: portgroups: - {{ portgroups.syslog }} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} endgame: portgroups: - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} wazuh_api: portgroups: - {{ portgroups.wazuh_api }} wazuh_authd: portgroups: - {{ portgroups.wazuh_authd }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} managersearch: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.wazuh_agent }} - {{ portgroups.wazuh_api }} - {{ portgroups.wazuh_authd }} - {{ portgroups.playbook }} - {{ portgroups.mysql }} - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.influxdb }} - {{ portgroups.fleet_api }} - {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }} minion: portgroups: - {{ portgroups.acng }} - {{ portgroups.docker_registry }} - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} - {{ portgroups.sensoroni }} - {{ portgroups.yum }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} heavy_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} endgame: portgroups: - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} syslog: portgroups: - {{ portgroups.syslog }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} wazuh_api: portgroups: - {{ portgroups.wazuh_api }} wazuh_authd: portgroups: - {{ portgroups.wazuh_authd }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} standalone: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.wazuh_agent }} - {{ portgroups.wazuh_api }} - {{ portgroups.wazuh_authd }} - {{ portgroups.playbook }} - {{ portgroups.mysql }} - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.influxdb }} - {{ portgroups.fleet_api }} - {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }} minion: portgroups: - {{ portgroups.acng }} - {{ portgroups.docker_registry }} - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.fleet_api }} - {{ portgroups.sensoroni }} - {{ portgroups.yum }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} heavy_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.minio }} - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} endgame: portgroups: - {{ portgroups.endgame }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} strelka_frontend: portgroups: - {{ portgroups.strelka_frontend }} syslog: portgroups: - {{ portgroups.syslog }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} wazuh_api: portgroups: - {{ portgroups.wazuh_api }} wazuh_authd: portgroups: - {{ portgroups.wazuh_authd }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} helixsensor: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.wazuh_agent }} - {{ portgroups.playbook }} - {{ portgroups.mysql }} - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.influxdb }} - {{ portgroups.fleet_api }} - {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }} minion: portgroups: - {{ portgroups.acng }} - {{ portgroups.docker_registry }} - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} - {{ portgroups.sensoroni }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.elasticsearch_node }} self: portgroups: - {{ portgroups.syslog}} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} searchnode: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_rest }} dockernet: portgroups: - {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_rest }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} {% if TRUE_CLUSTER %} search_node: portgroups: - {{ portgroups.elasticsearch_node }} {% endif %} self: portgroups: - {{ portgroups.syslog}} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} sensor: chain: DOCKER-USER: hostgroups: self: portgroups: - {{ portgroups.syslog}} strelka_frontend: portgroups: - {{ portgroups.strelka_frontend }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} heavynode: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_rest }} dockernet: portgroups: - {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_rest }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} self: portgroups: - {{ portgroups.syslog}} strelka_frontend: portgroups: - {{ portgroups.strelka_frontend }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} fleet: chain: DOCKER-USER: hostgroups: self: portgroups: - {{ portgroups.redis }} - {{ portgroups.mysql }} - {{ portgroups.osquery_8080 }} localhost: portgroups: - {{ portgroups.mysql }} - {{ portgroups.osquery_8080 }} analyst: portgroups: - {{ portgroups.fleet_webui }} minion: portgroups: - {{ portgroups.fleet_api }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api}} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} import: chain: DOCKER-USER: hostgroups: manager: portgroups: - {{ portgroups.kibana }} - {{ portgroups.redis }} - {{ portgroups.influxdb }} - {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }} minion: portgroups: - {{ portgroups.docker_registry }} - {{ portgroups.sensoroni }} sensor: portgroups: - {{ portgroups.beats_5044 }} - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.elasticsearch_node }} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} elasticsearch_rest: portgroups: - {{ portgroups.elasticsearch_rest }} analyst: portgroups: - {{ portgroups.nginx }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} minion: portgroups: - {{ portgroups.salt_manager }} receiver: chain: DOCKER-USER: hostgroups: sensor: portgroups: - {{ portgroups.beats_5644 }} search_node: portgroups: - {{ portgroups.redis }} - {{ portgroups.beats_5644 }} self: portgroups: - {{ portgroups.redis }} - {{ portgroups.syslog}} - {{ portgroups.beats_5644 }} syslog: portgroups: - {{ portgroups.syslog }} beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} beats_endpoint_ssl: portgroups: - {{ portgroups.beats_5644 }} endgame: portgroups: - {{ portgroups.endgame }} wazuh_agent: portgroups: - {{ portgroups.wazuh_agent }} wazuh_api: portgroups: - {{ portgroups.wazuh_api }} wazuh_authd: portgroups: - {{ portgroups.wazuh_authd }} INPUT: hostgroups: anywhere: portgroups: - {{ portgroups.ssh }} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} idh: chain: INPUT: hostgroups: anywhere: portgroups: {% set idh_services = salt['pillar.get']('idh:services', []) %} {% for service in idh_services %} - {{ portgroups['idh_'~service] }} {% endfor %} dockernet: portgroups: - {{ portgroups.all }} localhost: portgroups: - {{ portgroups.all }} manager: portgroups: - {{ portgroups.ssh }}