Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Security incident response often begins with an investigation to track down public IP address ownership. Using CLI, SOC team members can quickly search for all public IP addresses currently allocated across three different cloud providers.

Code Block
*AWS
//EC2 Elastic IPs
sfdx force:data:soql:query -q "SELECT Name, CA10__instanceId2__c, CA10__account__r.Name, CA10__regionName__c FROM CA10__CaAwsElasticIp__c WHERE CA10__instanceId2__c != NULL AND CA10__type__c = 'Public IP'"
//EC2 Public IPs
sfdx force:data:soql:query -q "SELECT CA10__publicIpAddress__c, Name, CA10__instanceId__c, CA10__account__r.Name, CA10__stateName__c, CA10__regionName__c FROM CA10__CaAwsInstance__c WHERE CA10__publicIpAddress__c != NULL"
    
*Azure
sfdx force:data:soql:query -q "SELECT Name, CA10__associatedResourceId__c, CA10__associatedResourceType__c FROM CA10__CaAzurePublicIpAddress__c"

Get a list of incidents related to a specific asset and take action

...