We are looking for a script to be developed that will use two checks (MaxMind, which is already utilized during the CyHy-import and cyhy-add functions, as well as the WhoIs check that is going to be implemented in the aforementioned functions, referenced in #106) to check for international IPs that are either geolocated in or have a WhoIs organization showing as an international entity we are not permitted to scan. Both checks should occur within this script.
Motivation and context
IPs for the Vulnerability Scanning service should be checked against the restricted countries using both geolocation data (utilizing MaxMind) and WhoIs. This will give us a way to regularly check IP data for those IPs that have already been imported into the CyHy database.
Implementation notes
Create a script that gathers both the WhoIs data and the geolocation data we are getting returned from MaxMind to see if an IP is located within a country that we are not permitted to scan. This scan should be able to be run against all CyHy assets housed within the CyHy DB at any time. Therefore, when updates to docker images are completed, the VS team will be able to run this proposed script at any time to check for any changes in information regarding international assets.
Acceptance criteria
How do we know when this work is done?
[ ] Script checks for WhoIs Data to see if data is located within restricted country
[ ] Script checks for MaxMind Data to see if data is geolocated within restricted country
[ ] Allows us to run manually and can check for multiple IPs at a given time
[ ] Returns message with any IP located within one of these countries, the IP itself, and the country name.
[ ] Allows for checks at the VS team's discretion of cadence of full CyHy IP scope
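One way the dual check described above could be structured, as an added example that is not part of the original issue or the CyHy code base. The restricted country codes, the two lookup callables and the sample data are placeholders constructed for illustration; a real run would wrap the MaxMind database reader and a WhoIs client behind the same interface.

```python
import ipaddress

# Placeholder codes and names: the issue does not list the restricted countries.
RESTRICTED = {"XA": "Placeholder Country A", "XB": "Placeholder Country B"}

def check_ips(ips, geo_lookup, whois_lookup, restricted=RESTRICTED):
    """Check each IP with both sources; return (flagged, unverified) lists.

    geo_lookup / whois_lookup are hypothetical callables mapping an IP string
    to an ISO country code (or None).
    """
    flagged, unverified = [], []
    for raw in ips:
        ip = str(ipaddress.ip_address(raw.strip()))  # rejects malformed input
        for source, lookup in (("MaxMind", geo_lookup), ("WhoIs", whois_lookup)):
            try:
                code = lookup(ip)
            except Exception as exc:  # a failed lookup is not a clean result
                unverified.append((ip, source, str(exc)))
                continue
            if code is None:
                unverified.append((ip, source, "no country returned"))
            elif code.upper() in restricted:
                flagged.append((ip, source, restricted[code.upper()]))
    return flagged, unverified

def format_report(flagged):
    """One message per hit: the IP, the country name and which check fired."""
    return [f"{ip}: {country} (per {source})" for ip, source, country in flagged]

# Constructed sample data using documentation address ranges.
SAMPLE_GEO = {"192.0.2.10": "US", "198.51.100.7": "XA", "203.0.113.5": "US"}
SAMPLE_WHOIS = {"192.0.2.10": "US", "198.51.100.7": "XA", "203.0.113.5": "xb"}

def sample_whois(ip):
    return SAMPLE_WHOIS[ip]  # KeyError stands in for a WhoIs lookup failure

if __name__ == "__main__":
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"]
    flagged, unverified = check_ips(ips, SAMPLE_GEO.get, sample_whois)
    print("\n".join(format_report(flagged)))
    for ip, source, why in unverified:
        print(f"UNVERIFIED {ip} via {source}: {why}")
```

The third sample address geolocates outside the placeholder list but is flagged by its WhoIs record, and the fourth is reported as unverified instead of being treated as clean when neither source returns a country.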