diff --git a/docker.rst b/docker.rst index ec82970f..33d0a180 100644 --- a/docker.rst +++ b/docker.rst @@ -64,7 +64,7 @@ By default, Docker configures its network bridge with an IP address of ``172.17. Containers ---------- -Our Docker containers all belong to a common Docker bridge network, called ``so-elastic-net``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``. +Our Docker containers all belong to a common Docker bridge network, called ``sobridge``. Each container is also aliased, so that communication can occur between the different docker containers using said alias. For example, communication to the ``so-elasticsearch`` container would occur through an alias of ``elasticsearch``. You may come across interfaces in ``ifconfig`` with the format ``veth*``. These are the external interfaces for each of the Docker containers. These interfaces correspond to internal Docker container interfaces (within the Docker container itself). diff --git a/firewall.rst b/firewall.rst index 9f288e6c..08762d87 100644 --- a/firewall.rst +++ b/firewall.rst @@ -64,9 +64,13 @@ Elastic Agent: - TCP/8443 (All nodes to Manager) - Elastic Agent binary updates - TCP/5055 (All nodes to Manager, Fleet nodes, Receiver nodes) - Elastic Agent data -Search nodes from/to Manager: +Elastic cluster nodes (manager and all search nodes) to all other Elastic cluster nodes (manager and all search nodes): +- TCP/9200 - Logstash connecting to :ref:`elasticsearch` - TCP/9300 - Node-to-node for :ref:`elasticsearch` + +Search nodes to Manager: + - TCP/9696 - :ref:`redis` Elastic Fleet nodes to Manager: diff --git a/notifications.rst b/notifications.rst index 01bf93c0..c09e47ce 100644 --- a/notifications.rst +++ b/notifications.rst 
@@ -66,7 +66,12 @@ Once the alerter parameters are configured, as described above, the next step is Navigate to the :ref:`administration` -> Configuration screen. Next, locate the ``soc -> config -> server -> modules -> elastalertengine`` settings. -In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. +In the **Additional Alerters** configuration setting, add the name of each alerter that should be activated, one alerter name per line. For example, to add both slack and email: + +:: + + slack + email .. image:: images/config-item-soc-additionalAlerters.png :target: _images/config-item-soc-additionalAlerters.png
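Review bot: in the docker.rst hunk, the rewritten paragraph still mixes "Docker containers" and "docker containers" ("between the different docker containers using said alias"); since the line is being replaced anyway, capitalize "Docker" consistently. The visible hunks change only this one occurrence of ``so-elastic-net``, so it is worth searching the rest of the docs for the old network name before merging, so that readers who match firewall or troubleshooting steps against the bridge name do not find two different names.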
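Review bot: in the firewall.rst hunk, the new TCP/9200 entry is described as "Logstash connecting to :ref:`elasticsearch`" but sits under a heading that opens the port from every Elastic cluster node to every other one, so the reader cannot tell which nodes actually initiate connections on 9200. Either state the initiating side the way the neighbouring heading does ("Search nodes to Manager:"), or say why 9200 needs the same full mesh as the TCP/9300 node-to-node port, so that firewall rules can be scoped to the required direction only. The heading also repeats "(manager and all search nodes)" twice; "Between all Elastic cluster nodes (manager and all search nodes):" would say the same thing once.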
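Review bot: in the notifications.rst hunk, the added sentence "For example, to add both slack and email:" names the alerters in plain text, while the literal block under it gives them as the exact values to enter. Mark them as inline literals (``slack`` and ``email``) to match how the same paragraph marks ``soc -> config -> server -> modules -> elastalertengine``, so it is clear that the lowercase names shown in the block are what goes into the **Additional Alerters** field.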