...

Security incident response often begins with an investigation to establish who owns a public IP address. Using the Salesforce CLI (sfdx) and SOQL, SOC team members can quickly list every public IP address currently allocated across three cloud providers (AWS, Azure and Google Cloud) and then search those results for the address under investigation. For AWS, Elastic IPs and instance public IPs live in separate objects, so both queries below are needed for full coverage. The results reflect the inventory as last collected, so confirm a hit against the provider's own console before acting on it.

# AWS
# EC2 Elastic IPs (only those attached to an instance):
sfdx force:data:soql:query -q "SELECT Name, CA10__instanceId2__c, CA10__account__r.Name, CA10__regionName__c FROM CA10__CaAwsElasticIp__c WHERE CA10__instanceId2__c != NULL AND CA10__type__c = 'Public IP'"
# EC2 instance public IPs:
sfdx force:data:soql:query -q "SELECT CA10__publicIpAddress__c, Name, CA10__instanceId__c, CA10__account__r.Name, CA10__stateName__c, CA10__regionName__c FROM CA10__CaAwsInstance__c WHERE CA10__publicIpAddress__c != NULL"

# Azure
sfdx force:data:soql:query -q "SELECT Name, CA10__associatedResourceId__c, CA10__associatedResourceType__c FROM CA10__CaAzurePublicIpAddress__c"

# Google
sfdx force:data:soql:query -q "SELECT CA10__address__c, Name, CA10__googleId__c, CA10__project__r.Name, CA10__regionName__c FROM CA10__CaGoogleGceStaticAddress__c"
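The queries above produce four result sets with different field names, and during an incident the analyst wants a single answer: which provider, account and resource holds a given address. The following script is an added example, not code from the original page or from the vendor. It runs each query with the sfdx `--json` flag, normalises the records into one inventory and looks up an address in it. It assumes the standard sfdx JSON envelope (`{"status": 0, "result": {"records": [...]}}`) and, because the Elastic IP and Azure queries on this page select only `Name` rather than an explicit address field, it assumes `Name` carries the address for those two objects; rows whose address field is empty or not a valid IP are dropped rather than guessed. The embedded sample responses are constructed for illustration and are not real inventory.

```python
import ipaddress
import json
import subprocess

# Per-provider description of the queries on this page: the SOQL, the field that
# carries the address, the field that identifies the attached resource, the path
# to the owning account/project name (None if the query selects none) and the
# region field (None if not selected). Using Name as the address for Elastic IPs
# and Azure public IPs is an assumption of this example, not something the page states.
QUERIES = {
    "aws-eip": {
        "soql": "SELECT Name, CA10__instanceId2__c, CA10__account__r.Name, "
                "CA10__regionName__c FROM CA10__CaAwsElasticIp__c "
                "WHERE CA10__instanceId2__c != NULL AND CA10__type__c = 'Public IP'",
        "ip": "Name", "resource": "CA10__instanceId2__c",
        "owner": ("CA10__account__r", "Name"), "region": "CA10__regionName__c",
    },
    "aws-ec2": {
        "soql": "SELECT CA10__publicIpAddress__c, Name, CA10__instanceId__c, "
                "CA10__account__r.Name, CA10__stateName__c, CA10__regionName__c "
                "FROM CA10__CaAwsInstance__c WHERE CA10__publicIpAddress__c != NULL",
        "ip": "CA10__publicIpAddress__c", "resource": "CA10__instanceId__c",
        "owner": ("CA10__account__r", "Name"), "region": "CA10__regionName__c",
    },
    "azure": {
        "soql": "SELECT Name, CA10__associatedResourceId__c, "
                "CA10__associatedResourceType__c FROM CA10__CaAzurePublicIpAddress__c",
        "ip": "Name", "resource": "CA10__associatedResourceId__c",
        "owner": None, "region": None,
    },
    "gcp": {
        "soql": "SELECT CA10__address__c, Name, CA10__googleId__c, "
                "CA10__project__r.Name, CA10__regionName__c "
                "FROM CA10__CaGoogleGceStaticAddress__c",
        "ip": "CA10__address__c", "resource": "CA10__googleId__c",
        "owner": ("CA10__project__r", "Name"), "region": "CA10__regionName__c",
    },
}


def run_sfdx_query(soql):
    """Run one query through sfdx and return its records (needs an authenticated org)."""
    proc = subprocess.run(["sfdx", "force:data:soql:query", "-q", soql, "--json"],
                          capture_output=True, text=True, check=True)
    return parse_sfdx_records(proc.stdout)


def parse_sfdx_records(json_text):
    """Unwrap the assumed sfdx --json envelope; a non-zero status is an error, not data."""
    payload = json.loads(json_text)
    if payload.get("status") != 0:
        raise RuntimeError("sfdx query failed: %s" % payload.get("message", "unknown error"))
    return payload["result"]["records"]


def _lookup(record, path):
    """Follow a relationship path such as ("CA10__account__r", "Name"); None if absent."""
    value = record
    for key in path or ():
        if not isinstance(value, dict):
            return None
        value = value.get(key)
    return value if path else None


def normalize(provider, records):
    """Reduce raw records to uniform rows; skip rows whose address is missing or not an IP."""
    spec, rows = QUERIES[provider], []
    for rec in records:
        try:
            ip = ipaddress.ip_address((rec.get(spec["ip"]) or "").strip())
        except ValueError:
            continue  # e.g. an Azure object whose Name is a label, not an address
        rows.append({"provider": provider, "ip": str(ip),
                     "resource": rec.get(spec["resource"]),
                     "owner": _lookup(rec, spec["owner"]),
                     "region": rec.get(spec["region"]) if spec["region"] else None})
    return rows


def build_inventory(fetch=run_sfdx_query):
    """Run every provider query (via fetch, which takes SOQL) and merge the rows."""
    inventory = []
    for provider, spec in QUERIES.items():
        inventory.extend(normalize(provider, fetch(spec["soql"])))
    return inventory


def find_owner(inventory, ip):
    """Return every row whose address equals ip; raises ValueError for a malformed ip."""
    target = ipaddress.ip_address(ip.strip())
    return [row for row in inventory if ipaddress.ip_address(row["ip"]) == target]


# Constructed sample responses keyed by SOQL, in the assumed sfdx --json envelope.
SAMPLE_RESPONSES = {
    QUERIES["aws-eip"]["soql"]: '{"status":0,"result":{"records":[{"Name":"203.0.113.10",'
        '"CA10__instanceId2__c":"i-0a1b2c3d4e5f67890","CA10__account__r":{"Name":"prod-account"},'
        '"CA10__regionName__c":"us-east-1"}]}}',
    QUERIES["aws-ec2"]["soql"]: '{"status":0,"result":{"records":[{"CA10__publicIpAddress__c":'
        '"198.51.100.7","Name":"web-01","CA10__instanceId__c":"i-0fedcba9876543210",'
        '"CA10__account__r":{"Name":"dev-account"},"CA10__stateName__c":"running",'
        '"CA10__regionName__c":"eu-west-1"}]}}',
    QUERIES["azure"]["soql"]: '{"status":0,"result":{"records":[{"Name":"192.0.2.25",'
        '"CA10__associatedResourceId__c":"/subscriptions/sub-1/resourceGroups/rg-web/providers/'
        'Microsoft.Network/networkInterfaces/nic-web-01","CA10__associatedResourceType__c":"nic"},'
        '{"Name":"pip-web-frontend","CA10__associatedResourceId__c":null,'
        '"CA10__associatedResourceType__c":null}]}}',
    QUERIES["gcp"]["soql"]: '{"status":0,"result":{"records":[{"CA10__address__c":"203.0.113.77",'
        '"Name":"static-ip-analytics","CA10__googleId__c":"1234567890",'
        '"CA10__project__r":{"Name":"analytics-prod"},"CA10__regionName__c":"us-central1"}]}}',
}


def sample_inventory():
    """Build the inventory from the constructed samples instead of a live org."""
    return build_inventory(lambda soql: parse_sfdx_records(SAMPLE_RESPONSES[soql]))


if __name__ == "__main__":
    import sys
    for row in find_owner(build_inventory(), sys.argv[1]):  # live lookup against sfdx
        print(row)
```

Run it as `python3 ip_owner.py 203.0.113.10` against an authenticated org; `sample_inventory()` exercises the same code path offline. Dropping unparseable addresses instead of guessing keeps a resource label from ever being reported as an IP match, and a non-zero sfdx status is raised rather than silently treated as an empty inventory, so "no owner found" always means the inventory was actually consulted.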

Get a list of incidents related to a specific asset and take action

...