# Default firewall model, made of three maps under `firewall`:
#   hostgroups - named lists of source addresses (most are empty here)
#   portgroups - named lists of tcp/udp ports
#   role       - per node role, per chain: which portgroups each hostgroup may reach
# Presumably a separate state renders each role/chain/hostgroup/portgroup
# binding into packet-filter rules - confirm against the consumer.
# Security-relevant defaults visible in this file:
#   * `anywhere` (0.0.0.0/0) is bound to `ssh` on INPUT for every role except idh.
#   * `dockernet` and `localhost` are bound to `all` (0:65535 tcp+udp) on INPUT.
#   * customhostgroup0-9 / customportgroup0-9 are empty placeholders.
firewall:
  hostgroups:
    analyst: []
    # 0.0.0.0/0 matches every IPv4 source; any portgroup bound to `anywhere`
    # is open to all IPv4 sources. No IPv6 entry is defined in this file.
    anywhere:
      - 0.0.0.0/0
    beats_endpoint: []
    beats_endpoint_ssl: []
    dockernet: []
    elastic_agent_endpoint: []
    elasticsearch_rest: []
    endgame: []
    eval: []
    fleet: []
    heavynode: []
    idh: []
    import: []
    localhost:
      - 127.0.0.1
    manager: []
    managersearch: []
    receiver: []
    searchnode: []
    securityonion_desktop: []
    self: []
    sensor: []
    standalone: []
    strelka_frontend: []
    syslog: []
    # Empty placeholders; presumably filled per deployment - confirm.
    customhostgroup0: []
    customhostgroup1: []
    customhostgroup2: []
    customhostgroup3: []
    customhostgroup4: []
    customhostgroup5: []
    customhostgroup6: []
    customhostgroup7: []
    customhostgroup8: []
    customhostgroup9: []
  portgroups:
    # Full port range on both protocols; looks like low:high range syntax - confirm.
    all:
      tcp:
        - '0:65535'
      udp:
        - '0:65535'
    beats_5044:
      tcp:
        - 5044
      udp: []
    beats_5644:
      tcp:
        - 5644
      udp: []
    # NOTE(review): beats_5066 is defined but no role in this file references it.
    beats_5066:
      tcp:
        - 5066
      udp: []
    beats_5056:
      tcp:
        - 5056
      udp: []
    docker_registry:
      tcp:
        - 5000
      udp: []
    elasticsearch_node:
      tcp:
        - 9300
      udp: []
    elasticsearch_rest:
      tcp:
        - 9200
      udp: []
    elastic_agent_control:
      tcp:
        - 8220
      udp: []
    elastic_agent_data:
      tcp:
        - 5055
      udp: []
    elastic_agent_update:
      tcp:
        - 8443
      udp: []
    endgame:
      tcp:
        - 3765
      udp: []
    influxdb:
      tcp:
        - 8086
      udp: []
    kibana:
      tcp:
        - 5601
      udp: []
    localrules:
      tcp:
        - 7788
      udp: []
    mysql:
      tcp:
        - 3306
      udp: []
    # nginx, sensoroni and yum all include tcp 443, so granting any one of
    # them to a hostgroup opens the same port.
    nginx:
      tcp:
        - 80
        - 443
      udp: []
    playbook:
      tcp:
        - 3000
      udp: []
    # NOTE(review): redis is the only portgroup in this file without a `udp`
    # key; confirm the consumer tolerates the missing key or add `udp: []`.
    redis:
      tcp:
        - 6379
        - 9696
    salt_manager:
      tcp:
        - 4505
        - 4506
      udp: []
    sensoroni:
      tcp:
        - 443
      udp: []
    ssh:
      tcp:
        - 22
      udp: []
    strelka_frontend:
      tcp:
        - 57314
      udp: []
    syslog:
      tcp:
        - 514
      udp:
        - 514
    yum:
      tcp:
        - 443
      udp: []
    # Empty placeholders; presumably filled per deployment - confirm.
    customportgroup0:
      tcp: []
      udp: []
    customportgroup1:
      tcp: []
      udp: []
    customportgroup2:
      tcp: []
      udp: []
    customportgroup3:
      tcp: []
      udp: []
    customportgroup4:
      tcp: []
      udp: []
    customportgroup5:
      tcp: []
      udp: []
    customportgroup6:
      tcp: []
      udp: []
    customportgroup7:
      tcp: []
      udp: []
    customportgroup8:
      tcp: []
      udp: []
    customportgroup9:
      tcp: []
      udp: []
  # Each role carries two chains. DOCKER-USER is the chain Docker reserves for
  # user rules on traffic to containers; INPUT covers traffic to the host itself.
  role:
    eval:
      chain:
        DOCKER-USER:
          hostgroups:
            eval:
              portgroups:
                - playbook
                - mysql
                - kibana
                - redis
                - influxdb
                - elasticsearch_rest
                - elasticsearch_node
                - localrules
            sensor:
              portgroups:
                - beats_5044
                - beats_5644
            searchnode:
              portgroups:
                - redis
                - elasticsearch_node
            heavynode:
              portgroups:
                - redis
                - elasticsearch_node
            self:
              portgroups:
                - syslog
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            strelka_frontend:
              portgroups:
                - strelka_frontend
            syslog:
              portgroups:
                - syslog
            analyst:
              portgroups:
                - nginx
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            # NOTE(review): ssh (tcp 22) is bound to `anywhere` (0.0.0.0/0), so
            # this default leaves SSH reachable from any IPv4 source. The same
            # binding recurs in every role below except idh; deployments that
            # need a narrower scope would bind ssh to a populated hostgroup.
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    fleet:
      chain:
        DOCKER-USER:
          hostgroups:
            sensor:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            standalone:
              portgroups:
                - salt_manager
            sensor:
              portgroups:
                - salt_manager
            searchnode:
              portgroups:
                - salt_manager
            heavynode:
              portgroups:
                - salt_manager
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    manager:
      chain:
        DOCKER-USER:
          hostgroups:
            manager:
              portgroups:
                - playbook
                - mysql
                - kibana
                - redis
                - influxdb
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
                - localrules
            fleet:
              portgroups:
                - elasticsearch_rest
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - beats_5044
                - beats_5644
                - beats_5056
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            sensor:
              portgroups:
                - beats_5044
                - beats_5644
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
                - yum
                - docker_registry
                - influxdb
            searchnode:
              portgroups:
                - redis
                - elasticsearch_rest
                - elasticsearch_node
                - beats_5644
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            heavynode:
              portgroups:
                - redis
                - elasticsearch_rest
                - elasticsearch_node
                - beats_5644
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            receiver:
              portgroups:
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            self:
              portgroups:
                - syslog
            syslog:
              portgroups:
                - syslog
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            endgame:
              portgroups:
                - endgame
            analyst:
              portgroups:
                - nginx
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            fleet:
              portgroups:
                - salt_manager
            localhost:
              portgroups:
                - all
            sensor:
              portgroups:
                - salt_manager
            searchnode:
              portgroups:
                - salt_manager
            heavynode:
              portgroups:
                - salt_manager
            receiver:
              portgroups:
                - salt_manager
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    managersearch:
      chain:
        DOCKER-USER:
          hostgroups:
            managersearch:
              portgroups:
                - playbook
                - mysql
                - kibana
                - redis
                - influxdb
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
                - localrules
            fleet:
              portgroups:
                - elasticsearch_rest
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - beats_5044
                - beats_5644
                - beats_5056
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            sensor:
              portgroups:
                - beats_5044
                - beats_5644
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
                - yum
                - docker_registry
                - influxdb
            searchnode:
              portgroups:
                - redis
                - elasticsearch_rest
                - elasticsearch_node
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            heavynode:
              portgroups:
                - redis
                - elasticsearch_rest
                - elasticsearch_node
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            receiver:
              portgroups:
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            self:
              portgroups:
                - syslog
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            endgame:
              portgroups:
                - endgame
            syslog:
              portgroups:
                - syslog
            analyst:
              portgroups:
                - nginx
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            fleet:
              portgroups:
                - salt_manager
            localhost:
              portgroups:
                - all
            sensor:
              portgroups:
                - salt_manager
            searchnode:
              portgroups:
                - salt_manager
            heavynode:
              portgroups:
                - salt_manager
            receiver:
              portgroups:
                - salt_manager
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    standalone:
      chain:
        DOCKER-USER:
          hostgroups:
            localhost:
              portgroups:
                - all
            standalone:
              portgroups:
                - playbook
                - mysql
                - kibana
                - redis
                - influxdb
                - elasticsearch_rest
                - elasticsearch_node
                - docker_registry
                - sensoroni
                - yum
                - beats_5044
                - beats_5644
                - beats_5056
                # NOTE(review): redis and elasticsearch_node already appear
                # earlier in this list; the repeat may yield duplicate rules
                # unless the consumer de-duplicates - confirm, else drop one.
                - redis
                - elasticsearch_node
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
                - endgame
                - strelka_frontend
                - localrules
            fleet:
              portgroups:
                - elasticsearch_rest
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - beats_5044
                - beats_5644
                - beats_5056
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            sensor:
              portgroups:
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - beats_5044
                - beats_5644
                - beats_5056
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            searchnode:
              portgroups:
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - redis
                - elasticsearch_rest
                - elasticsearch_node
            heavynode:
              portgroups:
                - docker_registry
                - influxdb
                - sensoroni
                - yum
                - redis
                - elasticsearch_rest
                - elasticsearch_node
            receiver:
              portgroups:
                - yum
                - docker_registry
                - influxdb
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            self:
              portgroups:
                - syslog
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            endgame:
              portgroups:
                - endgame
            strelka_frontend:
              portgroups:
                - strelka_frontend
            syslog:
              portgroups:
                - syslog
            analyst:
              portgroups:
                - nginx
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            fleet:
              portgroups:
                - salt_manager
            localhost:
              portgroups:
                - all
            standalone:
              portgroups:
                - salt_manager
            sensor:
              portgroups:
                - salt_manager
            searchnode:
              portgroups:
                - salt_manager
            heavynode:
              portgroups:
                - salt_manager
            receiver:
              portgroups:
                - salt_manager
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    searchnode:
      chain:
        DOCKER-USER:
          hostgroups:
            manager:
              portgroups:
                - elasticsearch_node
                - elasticsearch_rest
            dockernet:
              portgroups:
                - elasticsearch_node
                - elasticsearch_rest
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            searchnode:
              portgroups:
                - elasticsearch_node
            self:
              portgroups:
                - syslog
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    sensor:
      chain:
        DOCKER-USER:
          hostgroups:
            self:
              portgroups:
                - syslog
            strelka_frontend:
              portgroups:
                - strelka_frontend
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    heavynode:
      chain:
        DOCKER-USER:
          hostgroups:
            manager:
              portgroups:
                - elasticsearch_node
                - elasticsearch_rest
            dockernet:
              portgroups:
                - elasticsearch_node
                - elasticsearch_rest
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            self:
              portgroups:
                - syslog
                - elasticsearch_node
                - elasticsearch_rest
            strelka_frontend:
              portgroups:
                - strelka_frontend
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    import:
      chain:
        DOCKER-USER:
          hostgroups:
            manager:
              portgroups:
                - kibana
                - redis
                - influxdb
                - elasticsearch_rest
                - elasticsearch_node
                - elastic_agent_control
                - localrules
            sensor:
              portgroups:
                - beats_5044
                - beats_5644
            searchnode:
              portgroups:
                - redis
                - elasticsearch_node
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            elasticsearch_rest:
              portgroups:
                - elasticsearch_rest
            elastic_agent_endpoint:
              portgroups:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
            analyst:
              portgroups:
                - nginx
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    receiver:
      chain:
        DOCKER-USER:
          hostgroups:
            sensor:
              portgroups:
                - beats_5044
                - beats_5644
                - elastic_agent_data
            searchnode:
              portgroups:
                - redis
                - beats_5644
            self:
              portgroups:
                - redis
                - syslog
                - beats_5644
            syslog:
              portgroups:
                - syslog
            beats_endpoint:
              portgroups:
                - beats_5044
            beats_endpoint_ssl:
              portgroups:
                - beats_5644
            endgame:
              portgroups:
                - endgame
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            anywhere:
              portgroups:
                - ssh
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
    idh:
      chain:
        DOCKER-USER:
          hostgroups:
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []
        INPUT:
          hostgroups:
            # The only role whose `anywhere` binding is empty: this file
            # grants nothing to 0.0.0.0/0 on the idh INPUT chain.
            anywhere:
              portgroups: []
            dockernet:
              portgroups:
                - all
            localhost:
              portgroups:
                - all
            # NOTE(review): `openssh` is not defined under firewall.portgroups
            # in this file (only `ssh` is). Presumably it is supplied by
            # another source that is merged in - confirm, otherwise these
            # three bindings reference a missing portgroup.
            manager:
              portgroups:
                - openssh
            managersearch:
              portgroups:
                - openssh
            standalone:
              portgroups:
                - openssh
            customhostgroup0:
              portgroups: []
            customhostgroup1:
              portgroups: []
            customhostgroup2:
              portgroups: []
            customhostgroup3:
              portgroups: []
            customhostgroup4:
              portgroups: []
            customhostgroup5:
              portgroups: []
            customhostgroup6:
              portgroups: []
            customhostgroup7:
              portgroups: []
            customhostgroup8:
              portgroups: []
            customhostgroup9:
              portgroups: []