Dynamic Whitelisting, make sure its configurable #358

Open
danny248 opened this issue Oct 2, 2019 · 0 comments
danny248 commented Oct 2, 2019

On change to the Released state, C2 IP and C2 DNS should be checked against a dynamic set of scripts that will perform some dynamic whitelisting checks and return whether or not the C2 IP or DNS should be allowed to be changed to the released state.

====

When an IP or IPs (bulk) are changed to the released state, iterate through all settings and find those prefixed with WHITELIST_SCRIPT_IP_* and call each one, passing a JSON list of the IPs to the script. The script will return a JSON list with one code entry for each IP that it received. A return of 0 means that the IP can be changed to the released state and a non-zero for disallowing the release state change.

EX:
WHITELIST_SCRIPT_IP_FOO : /usr/bin/ip_checker.py

The generated command would be
/usr/bin/ip_checker.py [ "123.123.123.123", "1.1.1.1"]

it would return
[0, 1]

So the first IP would be allowed and the second wouldn't.

===

When a domain name or domain names (bulk) are changed to the released state, iterate through all settings and find those prefixed with WHITELIST_SCRIPT_DNS_* and call each one, passing a JSON list of the domain names to the script. The script will return a JSON list with one code entry for each domain that it received. A return of 0 means that the domain can be changed to the released state and a non-zero for disallowing the release state change.

EX:
WHITELIST_SCRIPT_DNS_FOO : /usr/bin/domain_checker.py

The generated command would be
/usr/bin/domain_checker.py [ "foo.com", "google.com"]

it would return
[0, 1]

==

@vantagepointsecurity-danny vantagepointsecurity-danny changed the title Dynamic Whitelisting Dynamic Whitelisting, make sure its configurable May 11, 2022
@battleoverflow battleoverflow moved this to Backlog in ThreatKB Aug 1, 2023
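
An added example of the caller side of the contract described in the issue, not code from the issue or from ThreatKB: it invokes each configured checker without a shell, validates the returned list, and denies the release whenever a checker fails or answers out of contract. Assumptions: the script prints its JSON list on stdout and exits 0, a value is released only if every matching checker returns 0 for it, and the function names `parse_codes`, `run_checker` and `release_decisions` are hypothetical.

```python
import json
import subprocess

def parse_codes(stdout, expected):
    """Return the checker's integer codes, or None if the output breaks the contract."""
    try:
        codes = json.loads(stdout)
    except (TypeError, ValueError):
        return None
    if not isinstance(codes, list) or len(codes) != expected:
        return None  # must be exactly one code per submitted value
    if any(type(c) is not int for c in codes):
        return None  # rejects strings, floats, null and JSON true/false
    return codes

def run_checker(script_path, values, timeout=10):
    """Run one checker script; any failure denies every value (fail closed)."""
    deny_all = [1] * len(values)
    try:
        # argv list, no shell: a value such as "foo.com; id" stays inert data
        proc = subprocess.run([script_path, json.dumps(values)],
                              capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.SubprocessError):
        return deny_all  # script missing, not executable, or timed out
    if proc.returncode != 0:  # assumption: a healthy checker exits 0
        return deny_all
    codes = parse_codes(proc.stdout, len(values))
    return deny_all if codes is None else codes

def release_decisions(values, settings, prefix, run=run_checker):
    """Map each value to True only if every checker under `prefix` returned 0 for it."""
    allowed = {value: True for value in values}
    for name in sorted(settings):
        if not name.startswith(prefix):
            continue
        for value, code in zip(values, run(settings[name], values)):
            allowed[value] = allowed[value] and code == 0
    return allowed

if __name__ == "__main__":
    # Constructed settings; the checker is faked so the demo runs offline.
    settings = {"WHITELIST_SCRIPT_IP_FOO": "/usr/bin/ip_checker.py"}
    ips = ["123.123.123.123", "1.1.1.1"]
    print(release_decisions(ips, settings, "WHITELIST_SCRIPT_IP_",
                            run=lambda path, vals: [0, 1]))
```
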