search

cisagov / cyhy-system

Cyber Hygiene system and overall documentation/issue tracking
Creative Commons Zero v1.0 Universal
6 stars 0 forks source link

Update MaxMind DB #121

Closed rpearson42 closed 5 months ago

rpearson42 commented 5 months ago

🐛 Summary

We came across a warning/error about an IP address not being found in the geolocation database. When faced with the output below (please see ‘any helpful log…’ section), further analysis showed, for a specific asset, the registered location was US-based, but the geolocation was coming back from a restricted country. Finally, MaxMind confirmed the address was, indeed, US-based. We believe the MaxMind database needs to be updated for cyhy-ip verification for add commands.

To reproduce

We were unable to reproduce this behavior with another example for this bug report. However, overall it appears the MaxMind database needs to be updated. (Please reach out to VS Operators for specific, historical example.)

Expected behavior

We would not have expected this error to present itself on a non-restricted IP address, such as the one we came across. (Please reach out to VS Operators for specific, historical example.)

Any helpful log output or screenshots

(No screenshots, just terminal output below.)

The error seen when adding an IP to stakeholder's scope:

cyhy-ip -s cyhy-ops-production-write add ENTITY XXX.XXX.XXX.0/24
IP XXX.XXX.XXX.0 not found in geolocation database
float() argument must be a string or a number (None, None)
mcdonnnj commented 5 months ago

@rpearson42 Due to the way this information is currently sourced you will need an updated cisagov/cyhy-core Docker image. This is handled at the team level and is not something we (the dev team) manage directly.