mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
1001 lines
32 KiB
YAML
1001 lines
32 KiB
YAML
firewall:
|
|
hostgroups:
|
|
analyst: &hostgroupsettings
|
|
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
multiline: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
duplicates: True
|
|
anywhere: &hostgroupsettingsadv
|
|
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
multiline: True
|
|
advanced: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
duplicates: True
|
|
beats_endpoint: *hostgroupsettings
|
|
beats_endpoint_ssl: *hostgroupsettings
|
|
dockernet: &ROhostgroupsettingsadv
|
|
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
multiline: True
|
|
advanced: True
|
|
readonly: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
elastic_agent_endpoint: *hostgroupsettings
|
|
elasticsearch_rest: *hostgroupsettingsadv
|
|
endgame: *hostgroupsettingsadv
|
|
eval: *hostgroupsettings
|
|
fleet: *hostgroupsettings
|
|
heavynode: *hostgroupsettings
|
|
idh: *hostgroupsettings
|
|
import: *hostgroupsettings
|
|
localhost: *ROhostgroupsettingsadv
|
|
manager: *hostgroupsettings
|
|
managersearch: *hostgroupsettings
|
|
receiver: *hostgroupsettings
|
|
searchnode: *hostgroupsettings
|
|
self: *ROhostgroupsettingsadv
|
|
sensor: *hostgroupsettings
|
|
standalone: *hostgroupsettings
|
|
strelka_frontend: *hostgroupsettings
|
|
syslog: *hostgroupsettings
|
|
desktop: *hostgroupsettings
|
|
customhostgroup0: &customhostgroupsettings
|
|
description: List of IP or CIDR blocks to allow to this hostgroup.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
advanced: True
|
|
multiline: True
|
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
|
duplicates: True
|
|
customhostgroup1: *customhostgroupsettings
|
|
customhostgroup2: *customhostgroupsettings
|
|
customhostgroup3: *customhostgroupsettings
|
|
customhostgroup4: *customhostgroupsettings
|
|
customhostgroup5: *customhostgroupsettings
|
|
customhostgroup6: *customhostgroupsettings
|
|
customhostgroup7: *customhostgroupsettings
|
|
customhostgroup8: *customhostgroupsettings
|
|
customhostgroup9: *customhostgroupsettings
|
|
portgroups:
|
|
all:
|
|
tcp: &tcpsettings
|
|
description: List of TCP ports for this port group.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
advanced: True
|
|
multiline: True
|
|
duplicates: True
|
|
udp: &udpsettings
|
|
description: List of UDP ports for this port group.
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
advanced: True
|
|
multiline: True
|
|
duplicates: True
|
|
agrules:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
beats_5044:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
beats_5644:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
beats_5066:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
beats_5056:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
docker_registry:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
elasticsearch_node:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
elasticsearch_rest:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
elastic_agent_control:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
elastic_agent_data:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
elastic_agent_update:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
endgame:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
influxdb:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
kibana:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
localrules:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
nginx:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
redis:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
salt_manager:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
sensoroni:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
ssh:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
strelka_frontend:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
syslog:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
yum:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup0:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup1:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup2:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup3:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup4:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup5:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup6:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup7:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup8:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
customportgroup9:
|
|
tcp: *tcpsettings
|
|
udp: *udpsettings
|
|
role:
|
|
eval:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
eval:
|
|
portgroups: &portgroupsdocker
|
|
description: Portgroups to add access to the docker containers for this role.
|
|
advanced: True
|
|
multiline: True
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
duplicates: True
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
heavynode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
strelka_frontend:
|
|
portgroups: *portgroupsdocker
|
|
syslog:
|
|
portgroups: *portgroupsdocker
|
|
analyst:
|
|
portgroups: *portgroupsdocker
|
|
desktop:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: &portgroupshost
|
|
description: Portgroups to add access to the host.
|
|
advanced: True
|
|
multiline: True
|
|
forcedType: "[]string"
|
|
helpLink: firewall.html
|
|
duplicates: True
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
fleet:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupsdocker
|
|
standalone:
|
|
portgroups: *portgroupshost
|
|
sensor:
|
|
portgroups: *portgroupshost
|
|
searchnode:
|
|
portgroups: *portgroupshost
|
|
heavynode:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
manager:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
manager:
|
|
portgroups: *portgroupsdocker
|
|
idh:
|
|
portgroups: *portgroupsdocker
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
heavynode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
syslog:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
endgame:
|
|
portgroups: *portgroupsdocker
|
|
analyst:
|
|
portgroups: *portgroupsdocker
|
|
desktop:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
idh:
|
|
portgroups: *portgroupshost
|
|
sensor:
|
|
portgroups: *portgroupshost
|
|
searchnode:
|
|
portgroups: *portgroupshost
|
|
heavynode:
|
|
portgroups: *portgroupshost
|
|
desktop:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
managersearch:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
managersearch:
|
|
portgroups: *portgroupsdocker
|
|
idh:
|
|
portgroups: *portgroupsdocker
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
heavynode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
endgame:
|
|
portgroups: *portgroupsdocker
|
|
syslog:
|
|
portgroups: *portgroupsdocker
|
|
analyst:
|
|
portgroups: *portgroupsdocker
|
|
desktop:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
idh:
|
|
portgroups: *portgroupshost
|
|
sensor:
|
|
portgroups: *portgroupshost
|
|
searchnode:
|
|
portgroups: *portgroupshost
|
|
heavynode:
|
|
portgroups: *portgroupshost
|
|
desktop:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
standalone:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
localhost:
|
|
portgroups: *portgroupsdocker
|
|
standalone:
|
|
portgroups: *portgroupsdocker
|
|
fleet:
|
|
portgroups: *portgroupsdocker
|
|
idh:
|
|
portgroups: *portgroupsdocker
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
heavynode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
endgame:
|
|
portgroups: *portgroupsdocker
|
|
strelka_frontend:
|
|
portgroups: *portgroupsdocker
|
|
syslog:
|
|
portgroups: *portgroupsdocker
|
|
analyst:
|
|
portgroups: *portgroupsdocker
|
|
desktop:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
fleet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
standalone:
|
|
portgroups: *portgroupshost
|
|
idh:
|
|
portgroups: *portgroupshost
|
|
sensor:
|
|
portgroups: *portgroupshost
|
|
searchnode:
|
|
portgroups: *portgroupshost
|
|
heavynode:
|
|
portgroups: *portgroupshost
|
|
desktop:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
searchnode:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
manager:
|
|
portgroups: *portgroupsdocker
|
|
dockernet:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
sensor:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
strelka_frontend:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
heavynode:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
manager:
|
|
portgroups: *portgroupsdocker
|
|
dockernet:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
strelka_frontend:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
import:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
manager:
|
|
portgroups: *portgroupsdocker
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
elasticsearch_rest:
|
|
portgroups: *portgroupsdocker
|
|
elastic_agent_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
analyst:
|
|
portgroups: *portgroupsdocker
|
|
desktop:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
receiver:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
sensor:
|
|
portgroups: *portgroupsdocker
|
|
searchnode:
|
|
portgroups: *portgroupsdocker
|
|
self:
|
|
portgroups: *portgroupsdocker
|
|
syslog:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint:
|
|
portgroups: *portgroupsdocker
|
|
beats_endpoint_ssl:
|
|
portgroups: *portgroupsdocker
|
|
endgame:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|
|
|
|
idh:
|
|
chain:
|
|
DOCKER-USER:
|
|
hostgroups:
|
|
customhostgroup0:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup1:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup2:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup3:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup4:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup5:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup6:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup7:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup8:
|
|
portgroups: *portgroupsdocker
|
|
customhostgroup9:
|
|
portgroups: *portgroupsdocker
|
|
INPUT:
|
|
hostgroups:
|
|
anywhere:
|
|
portgroups: *portgroupshost
|
|
dockernet:
|
|
portgroups: *portgroupshost
|
|
localhost:
|
|
portgroups: *portgroupshost
|
|
manager:
|
|
portgroups: *portgroupshost
|
|
managersearch:
|
|
portgroups: *portgroupshost
|
|
standalone:
|
|
portgroups: *portgroupshost
|
|
customhostgroup0:
|
|
portgroups: *portgroupshost
|
|
customhostgroup1:
|
|
portgroups: *portgroupshost
|
|
customhostgroup2:
|
|
portgroups: *portgroupshost
|
|
customhostgroup3:
|
|
portgroups: *portgroupshost
|
|
customhostgroup4:
|
|
portgroups: *portgroupshost
|
|
customhostgroup5:
|
|
portgroups: *portgroupshost
|
|
customhostgroup6:
|
|
portgroups: *portgroupshost
|
|
customhostgroup7:
|
|
portgroups: *portgroupshost
|
|
customhostgroup8:
|
|
portgroups: *portgroupshost
|
|
customhostgroup9:
|
|
portgroups: *portgroupshost
|