firewall: hostgroups: analyst: &hostgroupsettings description: List of IP or CIDR blocks to allow access to this hostgroup. forcedType: "[]string" helpLink: firewall.html multiline: True regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ regexFailureMessage: You must enter a valid IP address or CIDR. duplicates: True anywhere: &hostgroupsettingsadv description: List of IP or CIDR blocks to allow access to this hostgroup. forcedType: "[]string" helpLink: firewall.html multiline: True advanced: True regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ regexFailureMessage: You must enter a valid IP address or CIDR. duplicates: True beats_endpoint: *hostgroupsettings beats_endpoint_ssl: *hostgroupsettings dockernet: &ROhostgroupsettingsadv description: List of IP or CIDR blocks to allow access to this hostgroup. forcedType: "[]string" helpLink: firewall.html multiline: True advanced: True readonly: True regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ regexFailureMessage: You must enter a valid IP address or CIDR. elastic_agent_endpoint: *hostgroupsettings elasticsearch_rest: *hostgroupsettingsadv endgame: *hostgroupsettingsadv eval: *hostgroupsettings fleet: *hostgroupsettings heavynode: *hostgroupsettings idh: *hostgroupsettings import: *hostgroupsettings localhost: *ROhostgroupsettingsadv manager: *hostgroupsettings managersearch: *hostgroupsettings receiver: *hostgroupsettings searchnode: *hostgroupsettings self: *ROhostgroupsettingsadv sensor: *hostgroupsettings standalone: *hostgroupsettings strelka_frontend: *hostgroupsettings syslog: *hostgroupsettings desktop: *hostgroupsettings customhostgroup0: &customhostgroupsettings description: List of IP or CIDR blocks to allow to this hostgroup. forcedType: "[]string" helpLink: firewall.html advanced: True multiline: True regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ regexFailureMessage: You must enter a valid IP address or CIDR. duplicates: True customhostgroup1: *customhostgroupsettings customhostgroup2: *customhostgroupsettings customhostgroup3: *customhostgroupsettings customhostgroup4: *customhostgroupsettings customhostgroup5: *customhostgroupsettings customhostgroup6: *customhostgroupsettings customhostgroup7: *customhostgroupsettings customhostgroup8: *customhostgroupsettings customhostgroup9: *customhostgroupsettings portgroups: all: tcp: &tcpsettings description: List of TCP ports for this port group. forcedType: "[]string" helpLink: firewall.html advanced: True multiline: True duplicates: True udp: &udpsettings description: List of UDP ports for this port group. forcedType: "[]string" helpLink: firewall.html advanced: True multiline: True duplicates: True agrules: tcp: *tcpsettings udp: *udpsettings beats_5044: tcp: *tcpsettings udp: *udpsettings beats_5644: tcp: *tcpsettings udp: *udpsettings beats_5066: tcp: *tcpsettings udp: *udpsettings beats_5056: tcp: *tcpsettings udp: *udpsettings docker_registry: tcp: *tcpsettings udp: *udpsettings elasticsearch_node: tcp: *tcpsettings udp: *udpsettings elasticsearch_rest: tcp: *tcpsettings udp: *udpsettings elastic_agent_control: tcp: *tcpsettings udp: *udpsettings elastic_agent_data: tcp: *tcpsettings udp: *udpsettings elastic_agent_update: tcp: *tcpsettings udp: *udpsettings endgame: tcp: *tcpsettings udp: *udpsettings influxdb: tcp: *tcpsettings udp: *udpsettings kafka: tcp: *tcpsettings udp: *udpsettings kibana: tcp: *tcpsettings udp: *udpsettings localrules: tcp: *tcpsettings udp: *udpsettings nginx: tcp: *tcpsettings udp: *udpsettings redis: tcp: *tcpsettings udp: *udpsettings salt_manager: tcp: *tcpsettings udp: *udpsettings sensoroni: tcp: *tcpsettings udp: *udpsettings ssh: tcp: *tcpsettings udp: *udpsettings strelka_frontend: tcp: *tcpsettings udp: *udpsettings syslog: tcp: *tcpsettings udp: *udpsettings yum: tcp: *tcpsettings udp: *udpsettings customportgroup0: tcp: *tcpsettings udp: *udpsettings customportgroup1: tcp: *tcpsettings udp: *udpsettings customportgroup2: tcp: *tcpsettings udp: *udpsettings customportgroup3: tcp: *tcpsettings udp: *udpsettings customportgroup4: tcp: *tcpsettings udp: *udpsettings customportgroup5: tcp: *tcpsettings udp: *udpsettings customportgroup6: tcp: *tcpsettings udp: *udpsettings customportgroup7: tcp: *tcpsettings udp: *udpsettings customportgroup8: tcp: *tcpsettings udp: *udpsettings customportgroup9: tcp: *tcpsettings udp: *udpsettings role: eval: chain: DOCKER-USER: hostgroups: eval: portgroups: &portgroupsdocker description: Portgroups to add access to the docker containers for this role. advanced: True multiline: True forcedType: "[]string" helpLink: firewall.html duplicates: True sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker strelka_frontend: portgroups: *portgroupsdocker syslog: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: &portgroupshost description: Portgroups to add access to the host. advanced: True multiline: True forcedType: "[]string" helpLink: firewall.html duplicates: True dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost fleet: chain: DOCKER-USER: hostgroups: sensor: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupsdocker standalone: portgroups: *portgroupshost sensor: portgroups: *portgroupshost searchnode: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost manager: chain: DOCKER-USER: hostgroups: manager: portgroups: *portgroupsdocker idh: portgroups: *portgroupsdocker sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker syslog: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker endgame: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost idh: portgroups: *portgroupshost sensor: portgroups: *portgroupshost searchnode: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost managersearch: chain: DOCKER-USER: hostgroups: managersearch: portgroups: *portgroupsdocker idh: portgroups: *portgroupsdocker sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker endgame: portgroups: *portgroupsdocker syslog: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost idh: portgroups: *portgroupshost sensor: portgroups: *portgroupshost searchnode: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost standalone: chain: DOCKER-USER: hostgroups: localhost: portgroups: *portgroupsdocker standalone: portgroups: *portgroupsdocker fleet: portgroups: *portgroupsdocker idh: portgroups: *portgroupsdocker sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker endgame: portgroups: *portgroupsdocker strelka_frontend: portgroups: *portgroupsdocker syslog: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost fleet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost standalone: portgroups: *portgroupshost idh: portgroups: *portgroupshost sensor: portgroups: *portgroupshost searchnode: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost searchnode: chain: DOCKER-USER: hostgroups: manager: portgroups: *portgroupsdocker dockernet: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost sensor: chain: DOCKER-USER: hostgroups: self: portgroups: *portgroupsdocker strelka_frontend: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost heavynode: chain: DOCKER-USER: hostgroups: manager: portgroups: *portgroupsdocker dockernet: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker strelka_frontend: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost import: chain: DOCKER-USER: hostgroups: manager: portgroups: *portgroupsdocker sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost receiver: chain: DOCKER-USER: hostgroups: sensor: portgroups: *portgroupsdocker searchnode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker syslog: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker beats_endpoint_ssl: portgroups: *portgroupsdocker endgame: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost idh: chain: DOCKER-USER: hostgroups: customhostgroup0: portgroups: *portgroupsdocker customhostgroup1: portgroups: *portgroupsdocker customhostgroup2: portgroups: *portgroupsdocker customhostgroup3: portgroups: *portgroupsdocker customhostgroup4: portgroups: *portgroupsdocker customhostgroup5: portgroups: *portgroupsdocker customhostgroup6: portgroups: *portgroupsdocker customhostgroup7: portgroups: *portgroupsdocker customhostgroup8: portgroups: *portgroupsdocker customhostgroup9: portgroups: *portgroupsdocker INPUT: hostgroups: anywhere: portgroups: *portgroupshost dockernet: portgroups: *portgroupshost localhost: portgroups: *portgroupshost manager: portgroups: *portgroupshost managersearch: portgroups: *portgroupshost standalone: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost customhostgroup1: portgroups: *portgroupshost customhostgroup2: portgroups: *portgroupshost customhostgroup3: portgroups: *portgroupshost customhostgroup4: portgroups: *portgroupshost customhostgroup5: portgroups: *portgroupshost customhostgroup6: portgroups: *portgroupshost customhostgroup7: portgroups: *portgroupshost customhostgroup8: portgroups: *portgroupshost customhostgroup9: portgroups: *portgroupshost