Merge pull request #101 from Security-Onion-Solutions/dev

merge dev to 2.4
Security-Onion-Solutions · May 31, 2024 · 44e1ad3 · 44e1ad3
2 parents ac0e365 + aaa1b24
commit 44e1ad3
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/docker.rst b/docker.rst
@@ -64,7 +64,7 @@ By default, Docker configures its network bridge with an IP address of ``172.17.
 Containers
 ----------
 
-Our Docker containers all belong to a common Docker bridge network, called ``so-elastic-net``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``.
+Our Docker containers all belong to a common Docker bridge network, called ``sobridge``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``.
 
 You may come across interfaces in ``ifconfig`` with the format ``veth*``. These are the external interfaces for each of the Docker containers. These interfaces correspond to internal Docker container interfaces (within the Docker container itself).
 

diff --git a/firewall.rst b/firewall.rst
@@ -64,9 +64,13 @@ Elastic Agent:
 - TCP/8443 (All nodes to Manager) - Elastic Agent binary updates
 - TCP/5055 (All nodes to Manager, Fleet nodes, Receiver nodes) - Elastic Agent data
 
-Search nodes from/to Manager:
+Elastic cluster nodes (manager and all search nodes) to all other Elastic cluster nodes (manager and all search nodes):
 
+- TCP/9200 - Logstash connecting to :ref:`elasticsearch`
 - TCP/9300 - Node-to-node for :ref:`elasticsearch`
+
+Search nodes to Manager:
+
 - TCP/9696 - :ref:`redis`
 
 Elastic Fleet nodes to Manager:

diff --git a/notifications.rst b/notifications.rst
@@ -66,7 +66,12 @@ Once the alerter parameters are configured, as described above, the next step is
 
 Navigate to the :ref:`administration` -> Configuration screen. Next, locate the ``soc -> config -> server -> modules -> elastalertengine`` settings.
 
-In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. 
+In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. For example, to add both slack and email: 
+
+::
+
+  slack
+  email
 
 .. image:: images/config-item-soc-additionalAlerters.png
   :target: _images/config-item-soc-additionalAlerters.png