firewall:
  hostgroups:
    analyst_workstations:
      description: List of IP addresses or CIDR blocks to allow analyst workstations.
      file: True
      global: True
      title: Analyst Workstations
      helpLink: firewall.html#host-groups
    analyst: 
      description: List of IP addresses or CIDR blocks to allow analyst connections.
      file: True
      global: True
      title: Analyst
      helpLink: firewall.html#host-groups
    beats_endpoint:
      description: List of IP addresses or CIDR blocks of standard beats without encryption.
      file: True
      global: True
      title: Beats Endpoints
      helpLink: firewall.html#host-groups
    beats_endpoint_ssl:
      description: List of IP addresses or CIDR blocks of standard beats with encryption.
      file: True
      global: True
      title: Beats Endpoints SSL
      helplink: firewall.html#host-groups
    elastic_agent_endpoint:
      description: List of IP addresses or CIDR blocks for Elastic Agent connections.
      file: True
      global: True
      title: Elastic Agents
      helplink: firewall.html#host-groups
    elasticsearch_rest:
      description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch.
      file: True
      global: True
      title: Elasticsearch Rest
      advanced: True
      helplink: firewall.html#host-groups
    endgame:
      description: List of IP addresses or CIDR blocks to allow Endgame access.
      file: True
      global: True
      title: Endgame
      advanced: True
      helplink: firewall.html#host-groups
    strelka_frontend:
      description: List of IP addresses or CIDR blocks to allow access to the Strelka front end.
      file: True
      global: True
      title: Strelka Frontend
      advanced: True
      helplink: firewall.html#host-groups
    syslog:
      description: List of IP addresses or CIDR blocks to allow syslog.
      file: True
      global: True
      title: Syslog Endpoint Traffic
      helplink: firewall.html#host-groups
    standalone: 
      description: List of IP addresses or CIDR blocks to allow standalone connections.
      file: True
      global: True
      title: Standalone
      advanced: True
      helpLink: firewall.html#host-groups
    eval: 
      description: List of IP addresses or CIDR blocks to allow eval connections.
      file: True
      global: True
      title: Eval
      advanced: True
      helpLink: firewall.html#host-groups
    idh: 
      description: List of IP addresses or CIDR blocks to allow idh connections.
      file: True
      global: True
      title: IDH Nodes
      helpLink: firewall.html#host-groups
    manager: 
      description: List of IP addresses or CIDR blocks to allow manager connections.
      file: True
      global: True
      title: Manager
      advanced: True
      helpLink: firewall.html#host-groups
    heavynodes: 
      description: List of IP addresses or CIDR blocks to allow heavynode connections.
      file: True
      global: True
      title: Heavy Nodes
      helpLink: firewall.html#host-groups
    searchnodes: 
      description: List of IP addresses or CIDR blocks to allow searchnode connections.
      file: True
      global: True
      title: Search Nodes
      helpLink: firewall.html#host-groups
    sensors:
      description: List of IP addresses or CIDR blocks to allow Sensor connections.
      file: True
      global: True
      title: Sensors
      helpLink: firewall.html#host-groups
    receivers: 
      description: List of IP addresses or CIDR blocks to allow receiver connections.
      file: True
      global: True
      title: Receivers
      helpLink: firewall.html#host-groups
  portgroups:
    portgroups__yaml:
      description: Port Groups
      file: True
      global: True
      advanced: True
      title: Port Groups
      syntax: yaml
      helpLink: firewall.html#function
  ports:
    ports__yaml:
      description: Ports in YAML.
      file: True
      global: True
      advanced: True
      title: Ports
      syntax: yaml
      helpLink: firewall.html#port-groups