package common
// DomInfo is the per-domain record stored as a value in Domains.
type DomInfo struct {
	// Vendor is the display name of the security product the domain is
	// listed under.
	Vendor string

	// TTL is an unsigned 32-bit value recorded for the domain.
	// NOTE(review): presumably a DNS record TTL in seconds; this file does
	// not state the unit, so confirm against the code that reads it.
	TTL uint32
}
// Domains maps a domain name to the vendor it is listed under and a TTL
// value. Entries are grouped per vendor; where the original author cited a
// vendor connectivity page for a group, the reference URL is kept above it.
//
// NOTE(review): several keys are general-purpose or shared names rather than
// agent-specific endpoints (for example windowsupdate.com,
// download.microsoft.com, vendor apex domains and docs-* hosts). A match on
// one of those is weak evidence that the named product is deployed; confirm
// how the caller weights such matches.
//
// NOTE(review): Go map lookups are case-sensitive and one CrowdStrike key
// below contains upper-case letters. Confirm the lookup side does not
// lower-case names before indexing, or that entry will never match.
//
// NOTE(review): the trailing "dynamic" tag on some entries is not defined in
// this file; its meaning should be documented by whoever owns the list.
//
// Because the cited pages describe the network access these agents require,
// the same list can be reused defensively to check that egress and DNS policy
// still allow the agents to reach their cloud services.
var Domains = map[string]DomInfo{
	// Microsoft Defender for Endpoint
	// Reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-worldwide#services-and-urls
	"ussus2westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"download.microsoft.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, // dynamic
	"go.microsoft.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 1600}, // dynamic
	"ussus1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsus2westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"security.microsoft.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 3600},
	"wseu1northprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsus2eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussus3westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsus1eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsuk1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussus2eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"settings-win.data.microsoft.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, // dynamic
	"usseu1northprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsus1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"usseu1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussus1eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussuk1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ctldl.windowsupdate.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 980},
	"ussus4eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"vortex-win.data.microsoft.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 120},
	"wseu1westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussuk1southprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"windowsupdate.com": {Vendor: "Microsoft Defender for Endpoint", TTL: 300},
	"ussus3eastprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"ussus4westprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},
	"wsuk1southprod.blob.core.windows.net": {Vendor: "Microsoft Defender for Endpoint", TTL: 60},

	// VMWare Carbon Black
	// Reference: https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#index-of-base-urls
	"defense-prod05.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},
	"console.cloud.vmware.com": {Vendor: "VMWare Carbon Black", TTL: 60},
	"updates2.cdc.carbonblack.io": {Vendor: "VMWare Carbon Black", TTL: 60},
	"dashboard.confer.net": {Vendor: "VMWare Carbon Black", TTL: 300},
	"console.cloud-us-gov.vmware.com": {Vendor: "VMWare Carbon Black", TTL: 300},
	"ew2.carbonblackcloud.vmware.com": {Vendor: "VMWare Carbon Black", TTL: 300},
	"defense.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},
	"carbonblack.io": {Vendor: "VMWare Carbon Black", TTL: 60},
	"carbonblack.vmware.com": {Vendor: "VMWare Carbon Black", TTL: 3600},
	"defense-prodnrt.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},
	"updates.cdc.carbonblack.io": {Vendor: "VMWare Carbon Black", TTL: 60},
	"gprd1usgw1.carbonblack-us-gov.vmware.com": {Vendor: "VMWare Carbon Black", TTL: 3600},
	"defense-prodsyd.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},
	"carbonblack.com": {Vendor: "VMWare Carbon Black", TTL: 300},
	"defense-eap01.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},
	"defense-eu.conferdeploy.net": {Vendor: "VMWare Carbon Black", TTL: 60},

	// CrowdStrike Falcon
	// Reference: https://www.dell.com/support/kbdoc/en-us/000177899/crowdstrike-falcon-sensor-system-requirements
	"falcon.us-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"falcon.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"ts01-gyr-maverick.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"us-gov-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 900},
	"api.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 300},
	"ts01-b.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"firehose.us-gov-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"assets.falcon.eu-1.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"api.eu-1.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"lfodown01-b.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"assets-public.falcon.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"assets.falcon.us-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"api.us-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"assets-public.us-2.falcon.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"firehose.laggar.gcw.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"ts01-lanner-lion.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"lfoup01-lanner-lion.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"assets-public.falcon.eu-1.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 300},
	"lfoup01-gyr-maverick.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"lfoup01-b.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"ts01-laggar-gcw.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"falconhose-laggar01-g-720386815.us-gov-west-1.elb.amazonaws.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"ts01-us-gov-2.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"laggar-falconui01-g-245478519.us-gov-west-1.elb.amazonaws.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"assets.falcon.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"lfodown01-lanner-lion.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"falcon.laggar.gcw.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"firehose.us-2.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"firehose.eu-1.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 120},
	"lfodown01-laggar-gcw.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"api.laggar.gcw.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"lfodown01-gyr-maverick.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"lfodown01-us-gov-2.cloudsink.net": {Vendor: "CrowdStrike Falcon", TTL: 1800},
	"sensorproxy-laggar-g-524628337.us-gov-west-1.elb.amazonaws.com": {Vendor: "CrowdStrike Falcon", TTL: 60},
	"firehose.crowdstrike.com": {Vendor: "CrowdStrike Falcon", TTL: 300},
	// NOTE(review): the only key with upper-case letters; see the case note on Domains.
	"ELB-Laggar-P-LFO-DOWNLOAD-1265997121.us-gov-west-1.elb.amazonaws.com": {Vendor: "CrowdStrike Falcon", TTL: 60},

	// Harmony / CheckPoint
	// Reference: https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116590
	"rep.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"threat-emulation.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"epmgmt.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 900},
	"sc1.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"gwevents.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"gwevents.us.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 180},
	"endpoint-cdn.epmgmt.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 300},
	"checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 39},
	"iaas.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 900},
	"kav8.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"cloudinfra-gw.portal.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 60},
	"datatube-prod.azurewebsites.net": {Vendor: "CheckPoint Harmony", TTL: 30},
	"updates.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"ep-repo.epmgmt.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 300},
	"file-rep.iaas.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 60},
	"threatcloud.iaas.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 60},
	"dl3.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"secureupdates.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"epm-gw-eu.epmgmt.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 86400},
	"url-rep.iaas.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 60},
	"te.iaas.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 60},
	"services.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"europe-west1-datatube-240519.cloudfunctions.net": {Vendor: "CheckPoint Harmony", TTL: 300},
	"cws.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"teadv.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},
	"us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net": {Vendor: "CheckPoint Harmony", TTL: 300},
	"te.checkpoint.com": {Vendor: "CheckPoint Harmony", TTL: 1800},

	// Cybereason
	// Reference: https://docs.cybereason.com/en/latest/cloud_deploy/enablecommunication.html
	"data-epgw-eu-west-1.cybereason.net": {Vendor: "Cybereason", TTL: 300},
	"probe-dist-asia-northeast-1.cybereason.net": {Vendor: "Cybereason", TTL: 60},
	"data-epgw-asia-northeast-1.cybereason.net": {Vendor: "Cybereason", TTL: 300},
	"probe-dist.cybereason.net": {Vendor: "Cybereason", TTL: 300},
	"probe-dist-eu-west-1.cybereason.net": {Vendor: "Cybereason", TTL: 300},
	"data-epgw.cybereason.net": {Vendor: "Cybereason", TTL: 300},
	"cybereason.com": {Vendor: "Cybereason", TTL: 300},

	// FireEye / Trellix
	// Reference: https://kcm.trellix.com/corporate/index?page=content&id=KB90878
	"manage.trellix.com": {Vendor: "Trellix", TTL: 900},
	"cds-usw001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-eu001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-usw002.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-ind001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-usw001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-usw003.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"auth.ui.trellix.com": {Vendor: "Trellix", TTL: 60},
	"uam.api.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cds-usw002.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-usw003.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-usw004.manage.trellix.com": {Vendor: "Trellix", TTL: 300},
	"dxlweb-usw001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cds-usw003.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-sgp001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxlweb-usw002.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-ind001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxl-usw002.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-usw001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxl-usw001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxlweb-usw003.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cds-usw004.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-au001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-usw002.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"api.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-sgp001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxlweb-usw004.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-usw004.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"sw-au001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxl-usw004.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"dxl-usw003.manage.trellix.com": {Vendor: "Trellix", TTL: 60},
	"cdn-eu001.manage.trellix.com": {Vendor: "Trellix", TTL: 60},

	// Cortex XDR / Palo Alto Networks
	// Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-Required-to-Enable-Access
	"panw-xdr-evr-prod-au.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-eu.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"global-content-profiles-policy.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-uk.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-ch.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"lrc-jp.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"panw-xdr-evr-prod-qt.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-pl.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"pendo-static-5664029141630976.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-sg.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-uk.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"lrc-us.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"lrc-tw.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 1800},
	"panw-xdr-evr-prod-eu.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-ca.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 30},
	"lrc-fa.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 30},
	"panw-xdr-evr-prod-in.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-fa.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-ca.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-pl.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"lrc-qt.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-us.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-de.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-installers-prod-us.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-evr-prod-ch.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-in.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"panw-xdr-evr-prod-de.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"lrc-au.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"panw-xdr-evr-prod-tw.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"login.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"lrc-sg.paloaltonetworks.com": {Vendor: "Palo Alto Networks", TTL: 14400},
	"panw-xdr-evr-prod-jp.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},
	"panw-xdr-payloads-prod-us.storage.googleapis.com": {Vendor: "Palo Alto Networks", TTL: 300},

	// Singularity / SentinelOne
	// NOTE(review): no reference URL is cited for this group.
	"eu1-oauth.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-qi.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"console.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"sentinelone.com": {Vendor: "SentinelOne", TTL: 300},
	"eu1-console.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-content.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"panel.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"oauth.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"xdr.intus1.sentinelone.net": {Vendor: "SentinelOne", TTL: 60},
	"eu1-device-api.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-vpc.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-acceptor.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"login.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"device-api.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-panel.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"eu1-token.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"content.mobile.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},
	"ut.sentinelone.net": {Vendor: "SentinelOne", TTL: 300},

	// Symantec / Broadcom
	// Reference: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-7/about-v96380626-d38e6/required-firewall-ports-v97213154-d38e5602.html
	"remotetunnel5.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"remotetunnel1.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"remotetunnel3.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"bash-avpg.crsi.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"remotetunnel2.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"central.b6.crsi.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"stnd-ipsg.crsi.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"datafeedapi.symanteccloud.com": {Vendor: "Symantec", TTL: 300},
	"stnd-avpg.crsi.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"shasta-rrs.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"remotetunnel4.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"liveupdate.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"sso1.edrc.symantec.com": {Vendor: "Symantec", TTL: 600},
	"shasta-mrs.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"telemetry.broadcom.com": {Vendor: "Symantec", TTL: 3600},
	"ratings-wrs.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"api-gateway.symantec.com": {Vendor: "Symantec", TTL: 3600},
	"swupdate.brightmail.com": {Vendor: "Symantec", TTL: 3600},
	"symantec.com": {Vendor: "Symantec", TTL: 600},

	// Tanium
	// NOTE(review): no reference URL is cited for this group.
	"docs-es.tanium.com": {Vendor: "Tanium", TTL: 300},
	"prd-us-1-manage.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"docs-ko.tanium.com": {Vendor: "Tanium", TTL: 300},
	"tanium.com": {Vendor: "Tanium", TTL: 300},
	"prd-int.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"shared.prd-int.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"prd.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"jp.tanium.com": {Vendor: "Tanium", TTL: 300},
	"docs-fr.tanium.com": {Vendor: "Tanium", TTL: 300},
	"shared.prd-us-1-manage.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"shared.prd-us-1.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"prd-int-manage.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 900},
	"prd-us-1.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 300},
	"shared.prd-int-manage.mdm.cloud.tanium.com": {Vendor: "Tanium", TTL: 300},

	// Aurora
	// Reference: https://aurora-agent-manual.nextron-systems.com/en/latest/usage/upgrade-and-updates.html
	"update-aurora.nextron-systems.com": {Vendor: "Nextron Aurora", TTL: 60},
	"update-102.nextron-systems.com": {Vendor: "Nextron Aurora", TTL: 60},
	"update-202.nextron-systems.com": {Vendor: "Nextron Aurora", TTL: 60},
	"update-201.nextron-systems.com": {Vendor: "Nextron Aurora", TTL: 60},
	"update-lite.nextron-systems.com": {Vendor: "Nextron Aurora", TTL: 60},

	// Trend Micro
	// Reference: https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-director-(consolidated-mode)-53-online-help-service-addresses-an_002
	// Reference: https://cloudone.trendmicro.com/docs/workload-security/communication-ports-urls-ip/
	"xdr.trendmicro.co.jp": {Vendor: "Trend Micro", TTL: 60},
	"files.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"api.nacloud.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"cloudone.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"ddd53-p.activeupdate.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"trenddefense.com": {Vendor: "Trend Micro", TTL: 300},
	"threatconnect.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"api.sg.nacloud.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"api.jp.nacloud.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"api.eu.nacloud.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"docs.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"api.us.nacloud.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},
	"ddd53-threatconnect.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"licenseupdate.trendmicro.com": {Vendor: "Trend Micro", TTL: 1800},
	"xdr.trendmicro.com": {Vendor: "Trend Micro", TTL: 60},

	// Rapid7 InsightIDR
	// Reference: https://docs.rapid7.com/insightidr/ports-used-by-insightidr
	"data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 60},
	"us2.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"us3.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"eu.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"ca.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"au.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"ap.data.insight.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 30},
	"endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"us2.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"us3.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"eu.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"ca.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"au.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"ap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 300},
	"us.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"us.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"us2.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"us2.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"us3.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"us3.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"eu.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"eu.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"ca.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"ca.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"au.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"au.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"ap.storage.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
	"ap.bootstrap.endpoint.ingress.rapid7.com": {Vendor: "Rapid7 InsightIDR", TTL: 86400},
}