From b3a54e5e53d2ee679c0d6a21f40a3cee48d28314 Mon Sep 17 00:00:00 2001 From: fyodorr <38488235+fyodorr@users.noreply.github.com> Date: Fri, 31 May 2024 16:28:05 +0200 Subject: [PATCH 1/6] Update docker.rst Changed bridge name to sobridge, was so-elastic-net --- docker.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.rst b/docker.rst index ec82970f..33d0a180 100644 --- a/docker.rst +++ b/docker.rst @@ -64,7 +64,7 @@ By default, Docker configures its network bridge with an IP address of ``172.17. Containers ---------- -Our Docker containers all belong to a common Docker bridge network, called ``so-elastic-net``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``. +Our Docker containers all belong to a common Docker bridge network, called ``sobridge``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``. You may come across interfaces in ``ifconfig`` with the format ``veth*``. These are the external interfaces for each of the Docker containers. These interfaces correspond to internal Docker container interfaces (within the Docker container itself). From 963655f05eec9f694f0ba0782434ff3b859edcf6 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 31 May 2024 11:05:39 -0400 Subject: [PATCH 2/6] update firewall --- firewall.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/firewall.rst b/firewall.rst index 9f288e6c..81027752 100644 --- a/firewall.rst +++ b/firewall.rst 
@@ -64,6 +64,9 @@ Elastic Agent: - TCP/8443 (All nodes to Manager) - Elastic Agent binary updates - TCP/5055 (All nodes to Manager, Fleet nodes, Receiver nodes) - Elastic Agent data +Search nodes to all Elastic cluster nodes (manager and all search nodes): +- TCP/9200 - Logstash connecting to :ref:`elasticsearch` + Search nodes from/to Manager: - TCP/9300 - Node-to-node for :ref:`elasticsearch` From 6aa95c1810bce41dd786334e44abaa6606013fb2 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 31 May 2024 11:14:19 -0400 Subject: [PATCH 3/6] fix formatting --- firewall.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/firewall.rst b/firewall.rst index 81027752..61b996d9 100644 --- a/firewall.rst +++ b/firewall.rst @@ -65,6 +65,7 @@ Elastic Agent: - TCP/5055 (All nodes to Manager, Fleet nodes, Receiver nodes) - Elastic Agent data Search nodes to all Elastic cluster nodes (manager and all search nodes): + - TCP/9200 - Logstash connecting to :ref:`elasticsearch` Search nodes from/to Manager: From 50ca1899d04cccf615ee232272a5bc9077e32c27 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 31 May 2024 11:24:54 -0400 Subject: [PATCH 4/6] update firewall --- firewall.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/firewall.rst b/firewall.rst index 61b996d9..08762d87 100644 --- a/firewall.rst +++ b/firewall.rst 
@@ -64,13 +64,13 @@ Elastic Agent: - TCP/8443 (All nodes to Manager) - Elastic Agent binary updates - TCP/5055 (All nodes to Manager, Fleet nodes, Receiver nodes) - Elastic Agent data -Search nodes to all Elastic cluster nodes (manager and all search nodes): +Elastic cluster nodes (manager and all search nodes) to all other Elastic cluster nodes (manager and all search nodes): - TCP/9200 - Logstash connecting to :ref:`elasticsearch` +- TCP/9300 - Node-to-node for :ref:`elasticsearch` -Search nodes from/to Manager: +Search nodes to Manager: -- TCP/9300 - Node-to-node for :ref:`elasticsearch` - TCP/9696 - :ref:`redis` Elastic Fleet nodes to Manager: From 298972f9f99ca5ef53b6d7539292cb7dd45edd3c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 31 May 2024 12:51:26 -0400 Subject: [PATCH 5/6] show example of notification alerters enabled --- notifications.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/notifications.rst b/notifications.rst index 01bf93c0..5d2d0b38 100644 --- a/notifications.rst +++ b/notifications.rst @@ -68,6 +68,11 @@ Navigate to the :ref:`administration` -> Configuration screen. Next, locate the In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. +:: + + slack + email + .. image:: images/config-item-soc-additionalAlerters.png :target: _images/config-item-soc-additionalAlerters.png From aaa1b248e8baa36f84fe1ffab0c9e010e3946467 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 31 May 2024 13:00:17 -0400 Subject: [PATCH 6/6] update notifications --- notifications.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notifications.rst b/notifications.rst index 5d2d0b38..c09e47ce 100644 --- a/notifications.rst +++ b/notifications.rst 
@@ -66,7 +66,7 @@ Once the alerter parameters are configured, as described above, the next step is Navigate to the :ref:`administration` -> Configuration screen. Next, locate the ``soc -> config -> server -> modules -> elastalertengine`` settings. -In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. +In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. For example, to add both slack and email: ::
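Review bot: the rewritten line in PATCH 1/6 (docker.rst) still mixes "Docker containers" and "docker containers" in the same sentence; since the line is already being touched, capitalise consistently ("communication can occur between the different Docker containers"). The commit message says the bridge was renamed from ``so-elastic-net`` to ``sobridge``, but the diffstat shows only this one line changed, so grep the rest of the docs for the old bridge name before merging to avoid leaving stale references.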
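Review bot: in PATCH 2/6 (firewall.rst) the new "Search nodes to all Elastic cluster nodes (manager and all search nodes):" line is immediately followed by the "- TCP/9200" bullet with no blank line between them, so reStructuredText folds the bullet into the preceding paragraph instead of rendering a list; every other heading in this section keeps a blank line before its bullets. PATCH 3/6 adds exactly that blank line and nothing else, so squash it into this commit rather than shipping a broken intermediate state in the series.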
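Review bot: the new heading in PATCH 4/6, "Elastic cluster nodes (manager and all search nodes) to all other Elastic cluster nodes (manager and all search nodes):", repeats the parenthetical twice; "Between all Elastic cluster nodes (manager and all search nodes):" says the same thing. More importantly, moving "- TCP/9300 - Node-to-node" out of the "Search nodes from/to Manager" block and listing it next to "- TCP/9200 - Logstash connecting to :ref:`elasticsearch`" under that heading documents a full mesh on both ports among every cluster node, where the previous text only required 9300 between search nodes and the manager. Readers use this page to decide what to allow, so confirm that every cluster node really needs TCP/9200 to every other cluster node; if Logstash only writes to a subset of nodes, the narrower rule is the better default. Also, "Search nodes from/to Manager" became "Search nodes to Manager", so the remaining "- TCP/9696 - :ref:`redis`" rule is now documented as one-directional; state in the commit message that the direction change is intended.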
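Review bot: the literal block added in PATCH 5/6 (notifications.rst), a bare ``::`` followed by ``slack`` and ``email``, has no sentence introducing it, so in the rendered page the two names float between the "one alerter name per line" paragraph and the screenshot. PATCH 6/6 supplies the missing "For example, to add both slack and email:" lead-in; squash the two commits so the example never appears without its sentence.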
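Review bot: in PATCH 6/6 the words "slack" and "email" are the literal values the reader types into the setting, so mark them up as ``slack`` and ``email``, matching the ``soc -> config -> server -> modules -> elastalertengine`` inline literal two lines above. With the sentence ending in a colon and the next paragraph being the standalone ``::`` marker, the output reads "email:" followed by the literal block, which is fine; the alternative is to end the sentence with "email::" and drop the standalone marker, which reStructuredText collapses to a single colon.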