484 lines
20 KiB
Go
484 lines
20 KiB
Go
package common
|
|
|
|
import "fmt"
|
|
|
|
type Pair struct {
|
|
Domain string
|
|
TTL uint32
|
|
}
|
|
|
|
var Vendors = map[string][]Pair{
|
|
fmt.Sprintf("%sMicrosoft Defender for Endpoint%s", ColorCyan, ColorReset): domains_microsoft,
|
|
fmt.Sprintf("%sVMWare%s Carbon Black%s", ColorCyan, ColorGray, ColorReset): domains_carbonblack,
|
|
fmt.Sprintf("%sCrowdStrike Falcon%s", ColorRed, ColorReset): domains_crowdstrike,
|
|
fmt.Sprintf("%sCheck Point Harmony%s", ColorPurple, ColorReset): domains_checkpoint,
|
|
fmt.Sprintf("%sCybereason%s", ColorYellow, ColorReset): domains_cybereason,
|
|
fmt.Sprintf("%sTrellix%s", ColorCyan, ColorReset): domains_trellix,
|
|
fmt.Sprintf("%sCortex XDR%s", ColorOrange, ColorReset): domains_paloalto,
|
|
fmt.Sprintf("%sSentinelOne Singularity%s", ColorPurple, ColorReset): domains_sentinelone,
|
|
fmt.Sprintf("%sSymantec Endpoint Security%s", ColorYellow, ColorReset): domains_symantec,
|
|
fmt.Sprintf("%sTanium%s", ColorRed, ColorReset): domains_tanium,
|
|
fmt.Sprintf("%sNextron%s Aurora%s", ColorCyan, ColorGreen, ColorReset): domains_aurora,
|
|
fmt.Sprintf("%sTrend Micro Endpoint Sensor%s", ColorRed, ColorReset): domains_trendmicro,
|
|
fmt.Sprintf("%sRapid7%s InsightIDR", ColorOrange, ColorReset): domains_rapid7,
|
|
}
|
|
|
|
// Microsoft Defender for Endpoint
|
|
// https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-worldwide#services-and-urls
|
|
var domains_microsoft = []Pair{
|
|
{"download.microsoft.com", 3600}, // not certain
|
|
{"go.microsoft.com", 3600}, // not certain
|
|
{"security.microsoft.com", 3600},
|
|
{"settings-win.data.microsoft.com", 3600}, // not certain
|
|
{"windowsupdate.com", 300},
|
|
{"ctldl.windowsupdate.com", 3600}, // not certain
|
|
{"wdcp.microsoft.com", 3600},
|
|
{"wd.microsoft.com", 300},
|
|
{"wdcpalt.microsoft.com", 3600},
|
|
{"checkappexec.microsoft.com", 3600}, // not certain
|
|
{"smartscreen-prod.microsoft.com", 3600},
|
|
{"vortex-win.data.microsoft.com", 120},
|
|
{"update.microsoft.com", 3600}, // not certain
|
|
{"download.windowsupdate.com", 3600}, // not certain
|
|
{"definitionupdates.microsoft.com", 3600},
|
|
// {"delivery.mp.microsoft.com", 0},
|
|
// {"fe3cr.delivery.mp.microsoft.com", 0},
|
|
{"ussus2westprod.blob.core.windows.net", 60},
|
|
{"ussus1westprod.blob.core.windows.net", 60},
|
|
{"wsus2westprod.blob.core.windows.net", 60},
|
|
{"wseu1northprod.blob.core.windows.net", 60},
|
|
{"wsus2eastprod.blob.core.windows.net", 60},
|
|
{"ussus3westprod.blob.core.windows.net", 60},
|
|
{"wsus1eastprod.blob.core.windows.net", 60},
|
|
{"wsuk1westprod.blob.core.windows.net", 60},
|
|
{"ussus2eastprod.blob.core.windows.net", 60},
|
|
{"usseu1northprod.blob.core.windows.net", 60},
|
|
{"wsus1westprod.blob.core.windows.net", 60},
|
|
{"usseu1westprod.blob.core.windows.net", 60},
|
|
{"ussus1eastprod.blob.core.windows.net", 60},
|
|
{"ussuk1westprod.blob.core.windows.net", 60},
|
|
{"ussus4eastprod.blob.core.windows.net", 60},
|
|
{"wseu1westprod.blob.core.windows.net", 60},
|
|
{"ussuk1southprod.blob.core.windows.net", 60},
|
|
{"ussus3eastprod.blob.core.windows.net", 60},
|
|
{"ussus4westprod.blob.core.windows.net", 60},
|
|
{"wsuk1southprod.blob.core.windows.net", 60},
|
|
}
|
|
|
|
// VMWare Carbon Black
|
|
// https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#index-of-base-urls
|
|
// https://docs.vmware.com/en/VMware-Carbon-Black-EDR/7.8.0/cb-edr-scm-guide/GUID-3117FB54-5D0F-46C1-8372-BF3784D27CFF.html
|
|
// restricted: https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-What-Ports-must-be-opened-on-the-Firewall-and-Proxy/ta-p/36295
|
|
var domains_carbonblack = []Pair{
|
|
{"defense-prod05.conferdeploy.net", 60},
|
|
{"console.cloud.vmware.com", 60},
|
|
{"updates2.cdc.carbonblack.io", 300},
|
|
{"dashboard.confer.net", 300},
|
|
{"console.cloud-us-gov.vmware.com", 300},
|
|
{"ew2.carbonblackcloud.vmware.com", 30},
|
|
{"defense.conferdeploy.net", 60},
|
|
{"carbonblack.io", 60},
|
|
{"carbonblack.vmware.com", 86400},
|
|
{"defense-prodnrt.conferdeploy.net", 60},
|
|
{"updates.cdc.carbonblack.io", 60},
|
|
{"gprd1usgw1.carbonblack-us-gov.vmware.com", 3600},
|
|
{"defense-prodsyd.conferdeploy.net", 60},
|
|
{"carbonblack.com", 300},
|
|
{"defense-eap01.conferdeploy.net", 60},
|
|
{"defense-eu.conferdeploy.net", 60},
|
|
{"api.alliance.carbonblack.com", 600},
|
|
{"api2.alliance.carbonblack.com", 600},
|
|
{"threatintel.bit9.com", 3600},
|
|
{"yum.distro.carbonblack.io", 300},
|
|
}
|
|
|
|
// CrowdStrike Falcon
|
|
// https://www.dell.com/support/kbdoc/en-us/000177899/crowdstrike-falcon-sensor-system-requirements
|
|
var domains_crowdstrike = []Pair{
|
|
{"falcon.us-2.crowdstrike.com", 120},
|
|
{"falcon.crowdstrike.com", 60},
|
|
{"ts01-gyr-maverick.cloudsink.net", 60},
|
|
// {"us-gov-2.crowdstrike.com", 0},
|
|
{"api.crowdstrike.com", 300},
|
|
{"ts01-b.cloudsink.net", 1800},
|
|
// {"firehose.us-gov-2.crowdstrike.com", 0},
|
|
{"assets.falcon.eu-1.crowdstrike.com", 120},
|
|
{"api.eu-1.crowdstrike.com", 60},
|
|
{"lfodown01-b.cloudsink.net", 1800},
|
|
{"assets-public.falcon.crowdstrike.com", 60},
|
|
{"assets.falcon.us-2.crowdstrike.com", 120},
|
|
{"api.us-2.crowdstrike.com", 120},
|
|
{"assets-public.us-2.falcon.crowdstrike.com", 120},
|
|
{"firehose.laggar.gcw.crowdstrike.com", 60},
|
|
{"ts01-lanner-lion.cloudsink.net", 60},
|
|
{"lfoup01-lanner-lion.cloudsink.net", 1800},
|
|
{"assets-public.falcon.eu-1.crowdstrike.com", 120},
|
|
{"crowdstrike.com", 300},
|
|
{"lfoup01-gyr-maverick.cloudsink.net", 1800},
|
|
{"lfoup01-b.cloudsink.net", 1800},
|
|
{"ts01-laggar-gcw.cloudsink.net", 60},
|
|
{"falconhose-laggar01-g-720386815.us-gov-west-1.elb.amazonaws.com", 60},
|
|
{"ts01-us-gov-2.cloudsink.net", 1800},
|
|
{"laggar-falconui01-g-245478519.us-gov-west-1.elb.amazonaws.com", 60},
|
|
{"assets.falcon.crowdstrike.com", 60},
|
|
{"lfodown01-lanner-lion.cloudsink.net", 60},
|
|
{"falcon.laggar.gcw.crowdstrike.com", 60},
|
|
{"firehose.us-2.crowdstrike.com", 120},
|
|
{"firehose.eu-1.crowdstrike.com", 120},
|
|
{"lfodown01-laggar-gcw.cloudsink.net", 60},
|
|
{"api.laggar.gcw.crowdstrike.com", 60},
|
|
{"lfodown01-gyr-maverick.cloudsink.net", 60},
|
|
{"lfodown01-us-gov-2.cloudsink.net", 1800},
|
|
{"sensorproxy-laggar-g-524628337.us-gov-west-1.elb.amazonaws.com", 60},
|
|
{"firehose.crowdstrike.com", 300},
|
|
{"ELB-Laggar-P-LFO-DOWNLOAD-1265997121.us-gov-west-1.elb.amazonaws.com", 60},
|
|
}
|
|
|
|
// Harmony / CheckPoint
|
|
// https://support.checkpoint.com/results/sk/sk116590
|
|
var domains_checkpoint = []Pair{
|
|
{"rep.checkpoint.com", 1800},
|
|
{"threat-emulation.checkpoint.com", 1800},
|
|
{"sc1.checkpoint.com", 1800},
|
|
{"gwevents.checkpoint.com", 300},
|
|
{"gwevents.us.checkpoint.com", 180},
|
|
{"endpoint-cdn.epmgmt.checkpoint.com", 300},
|
|
// {"checkpoint.com", 25}, <- dynamic ttl
|
|
{"kav8.checkpoint.com", 1800},
|
|
{"cloudinfra-gw.portal.checkpoint.com", 60},
|
|
{"datatube-prod.azurewebsites.net", 30},
|
|
{"updates.checkpoint.com", 1800},
|
|
{"ep-repo.epmgmt.checkpoint.com", 300},
|
|
{"file-rep.iaas.checkpoint.com", 60},
|
|
{"threatcloud.iaas.checkpoint.com", 60},
|
|
{"dl3.checkpoint.com", 1800},
|
|
{"secureupdates.checkpoint.com", 1800},
|
|
{"epm-gw-eu.epmgmt.checkpoint.com", 86400},
|
|
{"url-rep.iaas.checkpoint.com", 60},
|
|
{"te.iaas.checkpoint.com", 60},
|
|
{"services.checkpoint.com", 1800},
|
|
{"europe-west1-datatube-240519.cloudfunctions.net", 300},
|
|
{"cws.checkpoint.com", 1800},
|
|
{"teadv.checkpoint.com", 1800},
|
|
{"us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net", 300},
|
|
{"te.checkpoint.com", 1800},
|
|
{"hap2.epmgmt.checkpoint.com", 300},
|
|
{"hap21.epmgmt.checkpoint.com", 300},
|
|
{"hap5.epmgmt.checkpoint.com", 300},
|
|
{"hap51.epmgmt.checkpoint.com", 300},
|
|
{"hap1.epmgmt.checkpoint.com", 300},
|
|
{"hap11.epmgmt.checkpoint.com", 300},
|
|
{"hap3.epmgmt.checkpoint.com", 300},
|
|
{"hap31.epmgmt.checkpoint.com", 300},
|
|
{"hap4.epmgmt.checkpoint.com", 300},
|
|
{"hap41.epmgmt.checkpoint.com", 300},
|
|
{"ftp-proxy.checkpoint.com", 1800},
|
|
{"web-rep.checkpoint.com", 1800},
|
|
}
|
|
|
|
// Cybereason
|
|
// https://docs.cybereason.com/en/latest/cloud_deploy/enablecommunication.html
|
|
var domains_cybereason = []Pair{
|
|
{"data-epgw-eu-west-1.cybereason.net", 300},
|
|
{"probe-dist-asia-northeast-1.cybereason.net", 60},
|
|
{"data-epgw-asia-northeast-1.cybereason.net", 300},
|
|
{"probe-dist.cybereason.net", 300},
|
|
{"probe-dist-eu-west-1.cybereason.net", 300},
|
|
{"probe-dist-dns.cybereason.net", 3600},
|
|
{"data-epgw.cybereason.net", 300},
|
|
{"cybereason.com", 600},
|
|
}
|
|
|
|
// FireEye / Trellix
|
|
// https://kcm.trellix.com/corporate/index?page=content&id=KB90878
|
|
var domains_trellix = []Pair{
|
|
{"epo.trellix.com", 300},
|
|
{"s-download.trellix.com", 300},
|
|
{"lc.trellix.com", 300},
|
|
{"manage.trellix.com", 60},
|
|
{"cds-usw001.manage.trellix.com", 60},
|
|
{"cdn-usw002.manage.trellix.com", 60},
|
|
{"cdn-usw001.manage.trellix.com", 60},
|
|
{"cdn-usw003.manage.trellix.com", 60},
|
|
{"auth.ui.trellix.com", 60},
|
|
{"uam.api.trellix.com", 60},
|
|
{"api.manage.trellix.com", 60},
|
|
{"cds-usw002.manage.trellix.com", 60},
|
|
{"trellix.com", 60},
|
|
{"dxlweb-usw001.manage.trellix.com", 60},
|
|
{"cds-usw003.manage.trellix.com", 60},
|
|
{"cdn-sgp001.manage.trellix.com", 60},
|
|
{"dxlweb-usw002.manage.trellix.com", 60},
|
|
{"cdn-ind001.manage.trellix.com", 60},
|
|
{"dxl-usw002.manage.trellix.com", 60},
|
|
{"dxl-usw001.manage.trellix.com", 60},
|
|
{"dxlweb-usw003.manage.trellix.com", 60},
|
|
{"cds-usw004.manage.trellix.com", 60},
|
|
{"cdn-au001.manage.trellix.com", 60},
|
|
{"dxlweb-usw004.manage.trellix.com", 60},
|
|
{"cdn-usw004.manage.trellix.com", 60},
|
|
{"dxl-usw004.manage.trellix.com", 60},
|
|
{"dxl-usw003.manage.trellix.com", 60},
|
|
{"cdn-eu001.manage.trellix.com", 60},
|
|
{"iam.cloud.trellix.com", 10},
|
|
{"iam-rs.cloud.trellix.com", 10},
|
|
{"gsd.cloud.trellix.com", 10},
|
|
{"d2c-us-west-2.manage.trellix.com", 60},
|
|
{"d2c-eu-central-1.manage.trellix.com", 60},
|
|
{"dxlweb-sgp001.manage.trellix.com", 60},
|
|
{"dxl-sgp001.manage.trellix.com", 60},
|
|
{"dxl-eu001.manage.trellix.com", 60},
|
|
{"dxlweb-eu001.manage.trellix.com", 60},
|
|
{"dxl-au001.manage.trellix.com", 60},
|
|
{"dxlweb-au001.manage.trellix.com", 60},
|
|
{"dxl-ind001.manage.trellix.com", 60},
|
|
{"dxlweb-ind001.manage.trellix.com", 60},
|
|
{"ui-usw001.manage.trellix.com", 60},
|
|
{"ui-usw002.manage.trellix.com", 60},
|
|
{"ui-usw003.manage.trellix.com", 60},
|
|
{"ui-usw004.manage.trellix.com", 60},
|
|
{"ui-sgp001.manage.trellix.com", 60},
|
|
{"ui-eu001.manage.trellix.com", 60},
|
|
{"ui-au001.manage.trellix.com", 60},
|
|
{"ui-ind001.manage.trellix.com", 60},
|
|
{"ah-usw001.manage.trellix.com", 60},
|
|
{"ah-usw002.manage.trellix.com", 60},
|
|
{"ah-usw003.manage.trellix.com", 60},
|
|
{"ah-usw004.manage.trellix.com", 60},
|
|
{"ah-sgp001.manage.trellix.com", 60},
|
|
{"ah-eu001.manage.trellix.com", 60},
|
|
{"ah-au001.manage.trellix.com", 60},
|
|
{"ah-ind001.manage.trellix.com", 60},
|
|
}
|
|
|
|
// Cortex XDR / Palo Alto Networks
|
|
// https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Resources-Required-to-Enable-Access
|
|
var domains_paloalto = []Pair{
|
|
{"panw-xdr-evr-prod-au.storage.googleapis.com", 300},
|
|
{"lrc-eu.paloaltonetworks.com", 14400},
|
|
{"global-content-profiles-policy.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-uk.storage.googleapis.com", 300},
|
|
{"lrc-ch.paloaltonetworks.com", 14400},
|
|
{"lrc-jp.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-evr-prod-qt.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-pl.storage.googleapis.com", 300},
|
|
{"pendo-static-5664029141630976.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-sg.storage.googleapis.com", 300},
|
|
{"lrc-uk.paloaltonetworks.com", 14400},
|
|
{"lrc-us.paloaltonetworks.com", 14400},
|
|
{"lrc-tw.paloaltonetworks.com", 1800},
|
|
{"panw-xdr-evr-prod-eu.storage.googleapis.com", 300},
|
|
{"lrc-ca.paloaltonetworks.com", 14400},
|
|
{"paloaltonetworks.com", 30},
|
|
// {"lrc-fa.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-evr-prod-in.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-fa.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-ca.storage.googleapis.com", 300},
|
|
{"lrc-pl.paloaltonetworks.com", 14400},
|
|
{"lrc-qt.paloaltonetworks.com", 300},
|
|
{"panw-xdr-evr-prod-us.storage.googleapis.com", 300},
|
|
{"lrc-de.paloaltonetworks.com", 300},
|
|
{"panw-xdr-installers-prod-us.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-ch.storage.googleapis.com", 300},
|
|
{"lrc-in.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-evr-prod-de.storage.googleapis.com", 300},
|
|
{"lrc-au.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-evr-prod-tw.storage.googleapis.com", 300},
|
|
{"login.paloaltonetworks.com", 14400},
|
|
{"lrc-sg.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-evr-prod-jp.storage.googleapis.com", 300},
|
|
{"panw-xdr-payloads-prod-us.storage.googleapis.com", 300},
|
|
{"distributions.traps.paloaltonetworks.com", 300},
|
|
{"distributions-prod-fed.traps.paloaltonetworks.com", 300},
|
|
{"cortex-gateway.paloaltonetworks.com", 30},
|
|
{"gw-app-proxy.us.paloaltonetworks.com", 300},
|
|
{"xdr-ova-installers-prod-us.storage.googleapis.com", 300},
|
|
{"identity.paloaltonetworks.com", 300},
|
|
{"identity.gslb.paloaltonetworks.com", 5},
|
|
{"identity.gcp.gslb.paloaltonetworks.com", 5},
|
|
{"lrc-fed.paloaltonetworks.com", 14400},
|
|
{"panw-xdr-installers-prod-fr.storage.googleapis.com", 300},
|
|
{"panw-xdr-payloads-prod-fr.storage.googleapis.com", 300},
|
|
{"global-content-profiles-policy-prod-fr.storage.googleapis.com", 300},
|
|
{"panw-xdr-evr-prod-fr.storage.googleapis.com", 300},
|
|
{"app-proxy.federal.paloaltonetworks.com", 300},
|
|
}
|
|
|
|
// Singularity / SentinelOne
|
|
var domains_sentinelone = []Pair{
|
|
{"eu1-oauth.mobile.sentinelone.net", 300},
|
|
{"eu1-qi.mobile.sentinelone.net", 300},
|
|
{"console.mobile.sentinelone.net", 300},
|
|
{"sentinelone.com", 300},
|
|
{"eu1-console.mobile.sentinelone.net", 300},
|
|
{"eu1-content.mobile.sentinelone.net", 300},
|
|
{"panel.mobile.sentinelone.net", 300},
|
|
{"oauth.mobile.sentinelone.net", 300},
|
|
{"xdr.intus1.sentinelone.net", 60},
|
|
{"eu1-device-api.mobile.sentinelone.net", 300},
|
|
{"eu1-vpc.mobile.sentinelone.net", 300},
|
|
{"eu1-acceptor.mobile.sentinelone.net", 300},
|
|
{"login.sentinelone.net", 300},
|
|
{"device-api.mobile.sentinelone.net", 300},
|
|
{"eu1-panel.mobile.sentinelone.net", 300},
|
|
{"eu1-token.mobile.sentinelone.net", 300},
|
|
{"content.mobile.sentinelone.net", 300},
|
|
{"ut.sentinelone.net", 300},
|
|
}
|
|
|
|
// Symantec / Broadcom
|
|
// https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Getting-Started/urls-to-whitelist-for-v129099891-d4155e9710.html
|
|
var domains_symantec = []Pair{
|
|
{"liveupdate.symantec.com", 3600},
|
|
{"liveupdate.symantecliveupdate.com", 600},
|
|
{"shasta-rrs.symantec.com", 1800},
|
|
{"ent-shasta-rrs.symantec.com", 1800},
|
|
{"ent-shasta-mr-clean.symantec.com", 1800},
|
|
{"symantec.com", 600},
|
|
{"sp.cwfservice.net", 600},
|
|
{"us.spoc.securitycloud.symantec.com", 600},
|
|
{"eu.spoc.securitycloud.symantec.com", 600},
|
|
{"in.spoc.securitycloud.symantec.com", 3600},
|
|
{"telemetry.broadcom.com", 3600},
|
|
{"tses.broadcom.com", 30},
|
|
{"central.b6.crsi.symantec.com", 1800},
|
|
{"central.ss.crsi.symantec.com", 1800},
|
|
{"central.nrsi.symantec.com", 1800},
|
|
{"central.avsi.symantec.com", 1800},
|
|
{"central.crsi.symantec.com", 1800},
|
|
{"shasta-mrs.symantec.com", 1800},
|
|
{"shasta-clt.symantec.com", 1800},
|
|
{"stnd-avpg.crsi.symantec.com", 1800},
|
|
{"avs-avpg.crsi.symantec.com", 1800},
|
|
{"stnd-ipsg.crsi.symantec.com ", 1800},
|
|
{"bash-avpg.crsi.symantec.com", 1800},
|
|
{"tus1gwynwapex01.symantec.com", 3600},
|
|
{"pod.threatpulse.com", 120},
|
|
{"faults.qalabs.symantec.com", 1800},
|
|
{"faults.symantec.com", 1800},
|
|
{"linux-repo-us.securityalliance.cloud", 86400},
|
|
{"usea1.r3.securitycloud.symantec.com", 3600},
|
|
{"euws1.r3.securitycloud.symantec.com", 3600},
|
|
{"inso1.r3.securitycloud.symantec.com", 3600},
|
|
{"datafeedapi.symanteccloud.com", 300},
|
|
{"us.spoc.securitycloud.symantec.com", 600},
|
|
{"eu.spoc.securitycloud.symantec.com ", 600},
|
|
{"in.spoc.securitycloud.symantec.com", 3600},
|
|
{"uploads.sep.securitycloud.symantec.com", 3600},
|
|
{"uploads.sep.eu.securitycloud.symantec.com ", 3600},
|
|
{"uploads.sep.in.securitycloud.symantec.com", 3600},
|
|
{"ws.securitycloud.symantec.com", 600},
|
|
{"bds.securitycloud.symantec.com", 600},
|
|
{"ws.eu.securitycloud.symantec.com", 3600},
|
|
{"bds.eu.securitycloud.symantec.com", 3600},
|
|
{"ws.in.securitycloud.symantec.com ", 3600},
|
|
{"bds.in.securitycloud.symantec.com", 3600},
|
|
{"cdn.sepmobile.securitycloud.symantec.com", 300},
|
|
{"mitm.sepmobile.securitycloud.symantec.com", 300},
|
|
{"services-prod.symantec.com", 600},
|
|
{"sep.securitycloud.symantec.com", 3600},
|
|
{"sep.eu.securitycloud.symantec.com", 3600},
|
|
{"sep.in.securitycloud.symantec.com", 3600},
|
|
{"avagoext.okta.com", 300},
|
|
{"accounts.saas.broadcomcloud.com", 3600},
|
|
{"api.sep.securitycloud.symantec.com", 86400},
|
|
{"api.sep.eu.securitycloud.symantec.com", 3600},
|
|
{"api.sep.in.securitycloud.symantec.com", 3600},
|
|
{"knowledge.broadcom.com", 3600},
|
|
{"support.broadcom.com", 300},
|
|
{"casupport.broadcom.com", 300},
|
|
{"login.broadcom.com", 3600},
|
|
{"ced.broadcom.com", 3600},
|
|
{"ratings-wrs.symantec.com", 3600},
|
|
{"api-gateway.symantec.com", 3600},
|
|
{"swupdate.brightmail.com", 3600},
|
|
{"licensing.dmas.symantec.com", 3600},
|
|
{"api.us.dmas.symantec.com", 300},
|
|
{"api.eu.dmas.symantec.com", 300},
|
|
}
|
|
|
|
// Tanium
|
|
var domains_tanium = []Pair{
|
|
{"content.tanium.com", 300},
|
|
{"docs-es.tanium.com", 300},
|
|
{"docs-fr.tanium.com", 300},
|
|
{"tanium.com", 300},
|
|
{"go2.tanium.com", 300},
|
|
{"learn.tanium.com", 300},
|
|
{"som.cloud.tanium.com", 60},
|
|
{"download.tanium.com", 300},
|
|
{"fnf-api.cloud.tanium.com", 60},
|
|
{"community.tanium.com", 300},
|
|
{"3.distribute.cloud.tanium.com", 300},
|
|
{"content.tanium.com", 300},
|
|
{"help.tanium.com", 300},
|
|
{"docs.tanium.com", 300},
|
|
{"moveit.tanium.com", 300},
|
|
{"kb.tanium.com", 300},
|
|
}
|
|
|
|
// Aurora
|
|
// https://aurora-agent-manual.nextron-systems.com/en/latest/usage/upgrade-and-updates.html
|
|
var domains_aurora = []Pair{
|
|
{"update-aurora.nextron-systems.com", 60},
|
|
{"update-102.nextron-systems.com", 60},
|
|
{"update-202.nextron-systems.com", 60},
|
|
{"update-201.nextron-systems.com", 60},
|
|
{"update-lite.nextron-systems.com", 60},
|
|
}
|
|
|
|
// Trend Micro
|
|
// https://docs.trendmicro.com/en-us/documentation/article/deep-discovery-director-(consolidated-mode)-53-online-help-service-addresses-an_002
|
|
// https://cloudone.trendmicro.com/docs/workload-security/communication-ports-urls-ip/
|
|
var domains_trendmicro = []Pair{
|
|
{"xdr.trendmicro.co.jp", 60},
|
|
{"files.trendmicro.com", 1800},
|
|
{"api.nacloud.trendmicro.com", 60},
|
|
{"cloudone.trendmicro.com", 60},
|
|
{"ddd53-p.activeupdate.trendmicro.com", 1800},
|
|
{"trenddefense.com", 300},
|
|
{"threatconnect.trendmicro.com", 1800},
|
|
{"api.sg.nacloud.trendmicro.com", 60},
|
|
{"trendmicro.com", 1800},
|
|
{"api.jp.nacloud.trendmicro.com", 60},
|
|
{"api.eu.nacloud.trendmicro.com", 60},
|
|
{"docs.trendmicro.com", 1800},
|
|
{"api.us.nacloud.trendmicro.com", 60},
|
|
{"ddd53-threatconnect.trendmicro.com", 1800},
|
|
{"licenseupdate.trendmicro.com", 1800},
|
|
{"xdr.trendmicro.com", 60},
|
|
}
|
|
|
|
// Rapid7 InsightIDR
|
|
// https://docs.rapid7.com/insightidr/ports-used-by-insightidr
|
|
var domains_rapid7 = []Pair{
|
|
{"data.insight.rapid7.com", 60},
|
|
{"us2.data.insight.rapid7.com", 30},
|
|
{"us3.data.insight.rapid7.com", 30},
|
|
{"eu.data.insight.rapid7.com", 30},
|
|
{"ca.data.insight.rapid7.com", 30},
|
|
{"au.data.insight.rapid7.com", 30},
|
|
{"ap.data.insight.rapid7.com", 30},
|
|
{"endpoint.ingress.rapid7.com", 300},
|
|
{"us2.endpoint.ingress.rapid7.com", 300},
|
|
{"us3.endpoint.ingress.rapid7.com", 300},
|
|
{"eu.endpoint.ingress.rapid7.com", 300},
|
|
{"ca.endpoint.ingress.rapid7.com", 300},
|
|
{"au.endpoint.ingress.rapid7.com", 300},
|
|
{"ap.endpoint.ingress.rapid7.com", 300},
|
|
{"us.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"us.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
{"us2.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"us2.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
{"us3.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"us3.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
{"eu.storage.endpoint.ingress.rapid7.com", 86400}, // not certain
|
|
{"eu.bootstrap.endpoint.ingress.rapid7.com", 86400}, // not certain
|
|
{"ca.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"ca.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
{"au.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"au.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
{"ap.storage.endpoint.ingress.rapid7.com", 86400},
|
|
{"ap.bootstrap.endpoint.ingress.rapid7.com", 86400},
|
|
}
|