From 8c3743dbe0cdac90cea5830b53267184a3d051e2 Mon Sep 17 00:00:00 2001
From: Kiril KJiroski <kiril.kjiroski@finki.ukim.mk>
Date: Mon, 5 Sep 2022 08:38:02 +0000
Subject: [PATCH] Update install.md

---
 doc/install.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/install.md b/doc/install.md
index 143be0c..5e4bb03 100644
--- a/doc/install.md
+++ b/doc/install.md
@@ -30,7 +30,15 @@ You can use configuration script named "configure.sh", located in the root folde
 * By default, following services are accessible only from internal docker network (172.22.0.0/16):
   * HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them.
   * ODFE - Direct access to ODFE Elasticsearch containers. Generally, you would need to access them only for debugging purposes.
-* By default, all SOCTools are accessible from the whole Internet. Since we are using certificates for all tools, except for Keycloak and User Management UI, you may want to restrict access to the last two. 
+* By default, all SOCTools are accessible from the whole Internet. If there is any doubt in the implemented security features, you may want to fine-tune port visibility. You can restrict access to following:
+  * Nifi Management - Web UI for managing Nifi flows. You may want to restrict access inside you organization.
+  * Nifi ports - ports used for accepting data from various sources. You may want to restrict access only to certain servers/devices in your network.
+  * Keycloak Management - Web UI for managing SOCTools Users. Increase security by restricting access only for administrator(s)
+  * TheHive - Web UI for TheHive. Usually don't want to restrict access.
+  * Cortex - Web UI for Cortex. Usually don't want to restrict access.
+  * MISP - Web UI for MISP. Usually don't want to restrict access.
+  * User Management UI - Web UI for creating and managing SOCTools users. Increase security by restricting access only for administrator(s)
+  * Kibana - Web UI for Kibana. Increase security by restricting access only for administrator(s)
 
 Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template.
 * `cat access.ips > roles/haproxy/files/stats_whitelist.lst`
-- 
GitLab