delorean
/
patdown
2
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Added Rapid7 InsightIDR support

This commit is contained in:
delorean 2024-02-16 14:24:46 -06:00
parent 6a13895b36
commit 9b2fe1a3f2
Signed by: delorean
GPG Key ID: 08CFF8565BE941CD
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
common/console.go
View File

@ -63,6 +63,7 @@ var Vendors = map[string]string{
"Tanium": "\033[31mTanium\033[0m",
"Nextron Aurora": "\033[36mNextron\033[0m \033[90mAurora\033[0m",
"Trend Micro": "\033[31mTrend\033[0m \033[1mMicro\033[0m",
"Rapid7 InsightIDR": "\033[97mRapid\033[0m\033[91m7\033[0m \033[97mInsightIDR\033[0m",
}
func Success(msg string) {

31
common/ref.go
View File

@ -293,4 +293,35 @@ var Domains = map[string]DomInfo{
"ddd53-threatconnect.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800},
"licenseupdate.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800},
"xdr.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60},
// Rapid7 InsightIDR
// https://docs.rapid7.com/insightidr/ports-used-by-insightidr
"data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 60},
"us2.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"us3.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"eu.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"ca.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"au.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"ap.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
"endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"us2.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"us3.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"eu.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"ca.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"au.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"ap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
"us.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"us.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"us2.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"us2.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"us3.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"us3.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"eu.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"eu.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"ca.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"ca.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"au.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"au.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"ap.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
"ap.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
}