package common type DomInfo struct { Vendor string TTL uint32 } var Domains = map[string]DomInfo{ // Microsoft Defender for Endpoint // https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-worldwide#services-and-urls "download.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, // dynamic "go.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 1600}, // dynamic "security.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "settings-win.data.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, // dynamic "windowsupdate.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 300}, "ctldl.windowsupdate.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 1800}, "wdcp.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "wd.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 300}, "wdcpalt.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "checkappexec.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "smartscreen-prod.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "vortex-win.data.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 120}, "update.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "download.windowsupdate.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 300}, "definitionupdates.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 300}, "delivery.mp.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 300}, "fe3cr.delivery.mp.microsoft.com": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 3600}, "ussus2westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsus2westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wseu1northprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsus2eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus3westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsus1eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsuk1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus2eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "usseu1northprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsus1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "usseu1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus1eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussuk1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus4eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wseu1westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussuk1southprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus3eastprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "ussus4westprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, "wsuk1southprod.blob.core.windows.net": DomInfo{Vendor: "Microsoft Defender for Endpoint", TTL: 60}, // VMWare Carbon Black // https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#index-of-base-urls "defense-prod05.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "console.cloud.vmware.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "updates2.cdc.carbonblack.io": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "dashboard.confer.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 300}, "console.cloud-us-gov.vmware.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 300}, "ew2.carbonblackcloud.vmware.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 300}, "defense.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "carbonblack.io": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "carbonblack.vmware.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 3600}, "defense-prodnrt.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "updates.cdc.carbonblack.io": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "gprd1usgw1.carbonblack-us-gov.vmware.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 3600}, "defense-prodsyd.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "carbonblack.com": DomInfo{Vendor: "VMWare Carbon Black", TTL: 300}, "defense-eap01.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, "defense-eu.conferdeploy.net": DomInfo{Vendor: "VMWare Carbon Black", TTL: 60}, // CrowdStrike Falcon // https://www.dell.com/support/kbdoc/en-us/000177899/crowdstrike-falcon-sensor-system-requirements "falcon.us-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "falcon.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "ts01-gyr-maverick.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "us-gov-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 900}, "api.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 300}, "ts01-b.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "firehose.us-gov-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "assets.falcon.eu-1.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "api.eu-1.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "lfodown01-b.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "assets-public.falcon.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "assets.falcon.us-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "api.us-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "assets-public.us-2.falcon.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "firehose.laggar.gcw.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "ts01-lanner-lion.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "lfoup01-lanner-lion.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "assets-public.falcon.eu-1.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 300}, "lfoup01-gyr-maverick.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "lfoup01-b.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "ts01-laggar-gcw.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "falconhose-laggar01-g-720386815.us-gov-west-1.elb.amazonaws.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "ts01-us-gov-2.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "laggar-falconui01-g-245478519.us-gov-west-1.elb.amazonaws.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "assets.falcon.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "lfodown01-lanner-lion.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "falcon.laggar.gcw.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "firehose.us-2.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "firehose.eu-1.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 120}, "lfodown01-laggar-gcw.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "api.laggar.gcw.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "lfodown01-gyr-maverick.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "lfodown01-us-gov-2.cloudsink.net": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 1800}, "sensorproxy-laggar-g-524628337.us-gov-west-1.elb.amazonaws.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, "firehose.crowdstrike.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 300}, "ELB-Laggar-P-LFO-DOWNLOAD-1265997121.us-gov-west-1.elb.amazonaws.com": DomInfo{Vendor: "CrowdStrike Falcon", TTL: 60}, // Harmony / CheckPoint // https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116590 "rep.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "threat-emulation.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "epmgmt.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 900}, "sc1.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "gwevents.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "gwevents.us.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 180}, "endpoint-cdn.epmgmt.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 300}, "checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 39}, "iaas.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 900}, "kav8.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "cloudinfra-gw.portal.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 60}, "datatube-prod.azurewebsites.net": DomInfo{Vendor: "CheckPoint Harmony", TTL: 30}, "updates.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "ep-repo.epmgmt.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 300}, "file-rep.iaas.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 60}, "threatcloud.iaas.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 60}, "dl3.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "secureupdates.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "epm-gw-eu.epmgmt.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 86400}, "url-rep.iaas.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 60}, "te.iaas.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 60}, "services.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "europe-west1-datatube-240519.cloudfunctions.net": DomInfo{Vendor: "CheckPoint Harmony", TTL: 300}, "cws.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "teadv.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, "us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net": DomInfo{Vendor: "CheckPoint Harmony", TTL: 300}, "te.checkpoint.com": DomInfo{Vendor: "CheckPoint Harmony", TTL: 1800}, // Cybereason // https://docs.cybereason.com/en/latest/cloud_deploy/enablecommunication.html "data-epgw-eu-west-1.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 300}, "probe-dist-asia-northeast-1.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 60}, "data-epgw-asia-northeast-1.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 300}, "probe-dist.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 300}, "probe-dist-eu-west-1.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 300}, "probe-dist-dns.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 3600}, "data-epgw.cybereason.net": DomInfo{Vendor: "Cybereason", TTL: 300}, "cybereason.com": DomInfo{Vendor: "Cybereason", TTL: 300}, // FireEye / Trellix // https://kcm.trellix.com/corporate/index?page=content&id=KB90878 "manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 900}, "cds-usw001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-eu001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-usw002.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-ind001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-usw001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-usw003.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "auth.ui.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "uam.api.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "api.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cds-usw002.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-usw003.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-usw004.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 300}, "dxlweb-usw001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cds-usw003.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-sgp001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxlweb-usw002.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-ind001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxl-usw002.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-usw001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxl-usw001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxlweb-usw003.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cds-usw004.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-au001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-usw002.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-sgp001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxlweb-usw004.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-usw004.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "sw-au001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxl-usw004.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "dxl-usw003.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "cdn-eu001.manage.trellix.com": DomInfo{Vendor: "Trellix", TTL: 60}, "iam.cloud.trellix.com": DomInfo{Vendor: "Trellix", TTL: 10}, "iam-rs.cloud.trellix.com": DomInfo{Vendor: "Trellix", TTL: 10}, "gsd.cloud.trellix.com": DomInfo{Vendor: "Trellix", TTL: 10}, // Cortex XDR / Palo Alto Networks // https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-Required-to-Enable-Access "panw-xdr-evr-prod-au.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-eu.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "global-content-profiles-policy.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-uk.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-ch.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "lrc-jp.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "panw-xdr-evr-prod-qt.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-pl.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "pendo-static-5664029141630976.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-sg.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-uk.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "lrc-us.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "lrc-tw.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 1800}, "panw-xdr-evr-prod-eu.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-ca.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 30}, "lrc-fa.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 30}, "panw-xdr-evr-prod-in.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-fa.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-ca.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-pl.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "lrc-qt.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-us.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-de.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-installers-prod-us.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-ch.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-in.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "panw-xdr-evr-prod-de.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "lrc-au.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "panw-xdr-evr-prod-tw.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "login.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "lrc-sg.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "panw-xdr-evr-prod-jp.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-payloads-prod-us.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "distributions.traps.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "distributions-prod-fed.traps.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "cortex-gateway.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 30}, "gw-app-proxy.us.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "xdr-ova-installers-prod-us.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "identity.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "identity.gslb.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 5}, "identity.gcp.gslb.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 5}, "lrc-fed.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 14400}, "panw-xdr-installers-prod-fr.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-payloads-prod-fr.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "global-content-profiles-policy-prod-fr.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "panw-xdr-evr-prod-fr.storage.googleapis.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, "app-proxy.federal.paloaltonetworks.com": DomInfo{Vendor: "Palo Alto Networks", TTL: 300}, // Singularity / SentinelOne "eu1-oauth.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-qi.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "console.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "sentinelone.com": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-console.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-content.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "panel.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "oauth.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "xdr.intus1.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 60}, "eu1-device-api.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-vpc.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-acceptor.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "login.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "device-api.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-panel.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "eu1-token.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "content.mobile.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, "ut.sentinelone.net": DomInfo{Vendor: "SentinelOne", TTL: 300}, // Symantec / Broadcom // https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-7/about-v96380626-d38e6/required-firewall-ports-v97213154-d38e5602.html "remotetunnel5.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "remotetunnel1.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "remotetunnel3.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "bash-avpg.crsi.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "remotetunnel2.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "central.b6.crsi.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "stnd-ipsg.crsi.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "datafeedapi.symanteccloud.com": DomInfo{Vendor: "Symantec", TTL: 300}, "stnd-avpg.crsi.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "shasta-rrs.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "remotetunnel4.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "liveupdate.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "sso1.edrc.symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "shasta-mrs.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "telemetry.broadcom.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "ratings-wrs.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "api-gateway.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "swupdate.brightmail.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "symantec.com": DomInfo{Vendor: "Symantec", TTL: 600}, "licensing.dmas.symantec.com": DomInfo{Vendor: "Symantec", TTL: 3600}, "api.us.dmas.symantec.com": DomInfo{Vendor: "Symantec", TTL: 1800}, // could be wrong "api.eu.dmas.symantec.com": DomInfo{Vendor: "Symantec", TTL: 1800}, // Tanium "docs-es.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "prd-us-1-manage.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "docs-ko.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "prd-int.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "shared.prd-int.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "prd.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "jp.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "docs-fr.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "shared.prd-us-1-manage.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "shared.prd-us-1.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "prd-int-manage.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 900}, "prd-us-1.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, "shared.prd-int-manage.mdm.cloud.tanium.com": DomInfo{Vendor: "Tanium", TTL: 300}, // Aurora // https://aurora-agent-manual.nextron-systems.com/en/latest/usage/upgrade-and-updates.html "update-aurora.nextron-systems.com": DomInfo{Vendor: "Nextron Aurora", TTL: 60}, "update-102.nextron-systems.com": DomInfo{Vendor: "Nextron Aurora", TTL: 60}, "update-202.nextron-systems.com": DomInfo{Vendor: "Nextron Aurora", TTL: 60}, "update-201.nextron-systems.com": DomInfo{Vendor: "Nextron Aurora", TTL: 60}, "update-lite.nextron-systems.com": DomInfo{Vendor: "Nextron Aurora", TTL: 60}, // Trend Micro // https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-director-(consolidated-mode)-53-online-help-service-addresses-an_002 // https://cloudone.trendmicro.com/docs/workload-security/communication-ports-urls-ip/ "xdr.trendmicro.co.jp": DomInfo{Vendor: "Trend Micro", TTL: 60}, "files.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "api.nacloud.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "cloudone.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "ddd53-p.activeupdate.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "trenddefense.com": DomInfo{Vendor: "Trend Micro", TTL: 300}, "threatconnect.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "api.sg.nacloud.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "api.jp.nacloud.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "api.eu.nacloud.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "docs.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "api.us.nacloud.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, "ddd53-threatconnect.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "licenseupdate.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 1800}, "xdr.trendmicro.com": DomInfo{Vendor: "Trend Micro", TTL: 60}, // Rapid7 InsightIDR // https://docs.rapid7.com/insightidr/ports-used-by-insightidr "data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 60}, "us2.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "us3.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "eu.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "ca.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "au.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "ap.data.insight.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30}, "endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "us2.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "us3.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "eu.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "ca.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "au.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "ap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300}, "us.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "us.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "us2.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "us2.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "us3.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "us3.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "eu.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "eu.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "ca.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "ca.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "au.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "au.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "ap.storage.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, "ap.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400}, }