
Fixes code updates CSVs

Brad Poulton 4 years ago
parent
commit
ee1b7ecbeb
3 changed files with 22 additions and 12 deletions
  1. 9 0
      scripts/all_xdr_port_references.csv
  2. 7 7
      scripts/ports_scrapper.py
  3. 6 5
      scripts/xdr_port_references.csv

+ 9 - 0
scripts/all_xdr_port_references.csv

@@ -21,11 +21,13 @@
 /base/splunk_servers/cluster_master/main.tf,splunk-web-in,from_port,8000,tcp
 /base/splunk_servers/cluster_master/main.tf,splunk-api-in,from_port,8089,tcp
 /base/splunk_servers/cluster_master/main.tf,splunk-api-in-moose,from_port,8089,tcp
+/base/splunk_servers/cluster_master/main.tf,ssh-out,from_port,22,tcp
 /base/splunk_servers/cluster_master/main.tf,splunk-api-out,from_port,8089,tcp
 /base/splunk_servers/cluster_master/main.tf,splunk-data-out,from_port,9997,tcp
 /base/splunk_servers/cluster_master/main.tf,splunk-data-out,to_port,9998,tcp
 /base/splunk_servers/searchhead/main.tf,splunk-web-in,from_port,8000,tcp
 /base/splunk_servers/searchhead/main.tf,splunk-api-in,from_port,8089,tcp
+/base/splunk_servers/searchhead/main.tf,ssh-out,from_port,22,tcp
 /base/splunk_servers/searchhead/main.tf,splunk-api-out,from_port,8089,tcp
 /base/splunk_servers/searchhead/main.tf,splunk-api-out-to-all,from_port,8089,tcp
 /base/splunk_servers/searchhead/main.tf,splunk-data-out,from_port,9997,tcp
@@ -38,6 +40,7 @@
 /base/splunk_servers/searchhead/elb.tf,searchhead-alb-api-out,from_port,8089,tcp
 /base/splunk_servers/heavy_forwarder/main.tf,splunk-web-in,from_port,8000,tcp
 /base/splunk_servers/heavy_forwarder/main.tf,splunk-api-in,from_port,8089,tcp
+/base/splunk_servers/heavy_forwarder/main.tf,ssh-out,from_port,22,tcp
 /base/splunk_servers/heavy_forwarder/main.tf,splunk-api-out,from_port,8089,tcp
 /base/splunk_servers/heavy_forwarder/main.tf,splunk-data-out,from_port,9997,tcp
 /base/splunk_servers/heavy_forwarder/main.tf,splunk-data-out,to_port,9998,tcp
@@ -167,12 +170,18 @@
 /base/nessus/instance_security_center/securitygroup-server.tf,security_center_outbound_nessus,from_port,8834,tcp
 /base/nessus/instance_security_center/securitygroup-server.tf,security_center_outbound_nessus,to_port,8835,tcp
 /base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_22,from_port,22,tcp
+/base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_3022,from_port,3022,tcp
 /base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_443,from_port,443,tcp
 /base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_nessus,from_port,8834,tcp
 /base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_nessus,to_port,8835,tcp
+/base/nessus/instance_nessus_manager/securitygroup-server.tf,nessus_manager_inbound_nessus,from_port,8834,tcp
+/base/nessus/instance_nessus_manager/securitygroup-server.tf,http-in-external-c2-users,from_port,8834,tcp
 /base/vmray_instances/security-groups.tf,vmray-ssh,from_port,22,tcp
 /base/vmray_instances/security-groups.tf,vmray-https,from_port,443,tcp
 /base/vmray_instances/security-groups.tf,vmray-egress,from_port,0,all
+/base/keycloak/security-groups-rds.tf,keycloak_rds_in,from_port,5432,tcp
+/base/keycloak/security-groups-rds.tf,keycloak_security_in,from_port,0,-1
+/base/keycloak/security-groups-rds.tf,keycloak_security_in,to_port,65535,-1
 /base/dns/resolver_instance/main.tf,dns-tcp,from_port,53,tcp
 /base/dns/resolver_instance/main.tf,dns-udp,from_port,53,udp
 /base/dns/resolver_instance/main.tf,dns_outbound_tcp,from_port,53,tcp

+ 7 - 7
scripts/ports_scrapper.py

@@ -53,18 +53,18 @@ def parse_tf_files(files):
                 for resource_name in resources[resource].keys():
                     for item_name in resources[resource][resource_name].keys():
                         if item_name == "from_port" or item_name == "to_port": #only look at the ports
-                            if type(resources[resource][resource_name][item_name][0]) is int: #only grab it if is is a number
+                            if type(resources[resource][resource_name][item_name]) is int: #only grab it if is is a number
                                 if resources[resource][resource_name]["from_port"] == resources[resource][resource_name]["to_port"]:
                                     #if the from_port and to_port are the same only grab it once 
-                                    my_resources.append(min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name][0]) + "," + resources[resource][resource_name]["protocol"][0])
-                                    dict_input = min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name][0]) + "," + resources[resource][resource_name]["protocol"][0]
-                                    my_resources_dict[resources[resource][resource_name][item_name][0]] = dict_input
+                                    my_resources.append(min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name]) + "," + resources[resource][resource_name]["protocol"])
+                                    dict_input = min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name]) + "," + resources[resource][resource_name]["protocol"]
+                                    my_resources_dict[resources[resource][resource_name][item_name]] = dict_input
                                     break
                                 else:
                                     #grab both from_port and to_port
-                                    my_resources.append(min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name][0]) + "," + resources[resource][resource_name]["protocol"][0])
-                                    dict_input = min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name][0]) + "," + resources[resource][resource_name]["protocol"][0]
-                                    my_resources_dict[resources[resource][resource_name][item_name][0]] = dict_input
+                                    my_resources.append(min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name]) + "," + resources[resource][resource_name]["protocol"])
+                                    dict_input = min_file[1] + "," + resource_name + "," + item_name + "," + str(resources[resource][resource_name][item_name]) + "," + resources[resource][resource_name]["protocol"]
+                                    my_resources_dict[resources[resource][resource_name][item_name]] = dict_input
     print("Found "+ str(len(my_resources)) + " port references.")
     return my_resources, my_resources_dict
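Review bot: `my_resources_dict` is keyed on the port number alone, so a later rule on the same port silently replaces the earlier one. This commit's `xdr_port_references.csv` shows the effect: `vmray-egress` on port 0 gives way to `keycloak_security_in`, although `vmray-egress` is still listed in `all_xdr_port_references.csv`. If that dict feeds the deduplicated CSV (the writer is outside the hunk), anyone auditing it sees one security group per port, so the assignment deserves a comment such as `# keyed by port only: a later rule on the same port replaces the earlier one`. The `type(...) is int` test also skips any port that is not a literal integer without saying so; a matching `else:` with `print("Skipped non-integer " + item_name + " in " + min_file[1] + "," + resource_name)` would show what the inventory leaves out. `parse_tf_files` starts above the hunk, so how `resources` and `min_file` are built is not visible here.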
 

+ 6 - 5
scripts/xdr_port_references.csv

@@ -5,27 +5,27 @@
 /base/splunk_servers/alsi/master.tf,alsi-master-splunk-data,from_port,9997,tcp
 /base/splunk_servers/alsi/master.tf,alsi-master-splunk-data,to_port,9998,tcp
 /base/phantom/securitygroup-server.tf,phantom_server_outbound_https,from_port,443,tcp
+/base/phantom/securitygroup-server.tf,phantom_server_outbound_ssh_to_legacy,from_port,22,tcp
 /base/phantom/securitygroup-server.tf,phantom_server_outbound_http,from_port,80,tcp
 /base/splunk_servers/alsi/workers.tf,alsi_worker_vpn_in2,from_port,9200,tcp
 /base/splunk_servers/alsi/master.tf,alsi-master-vpn-web-in,from_port,9000,tcp
 /base/splunk_servers/alsi/master.tf,alsi-master-interconnections,from_port,4200,tcp
-/base/phantom/securitygroup-server.tf,phantom_server_outbound_ssh_to_legacy,from_port,22,tcp
-/base/jira/rds_jira/security-groups.tf,jira_rds_in,from_port,5432,tcp
+/base/keycloak/security-groups-rds.tf,keycloak_rds_in,from_port,5432,tcp
 /base/customer_portal/main.tf,customer_portal_smtps_outbound,from_port,465,tcp
 /base/interconnects/security-groups.tf,bgp_ingress,from_port,179,tcp
 /base/interconnects/security-groups.tf,ipsec_l2tp_ingress,from_port,1701,udp
 /base/interconnects/security-groups.tf,ipsec_ike_ingress,from_port,500,udp
 /base/interconnects/security-groups.tf,ipsec_ike_nat_t_ingress,from_port,4500,udp
-/base/vmray_instances/security-groups.tf,vmray-egress,from_port,0,all
+/base/keycloak/security-groups-rds.tf,keycloak_security_in,from_port,0,-1
 /base/openvpn/main.tf,openvpn-in,from_port,1194,udp
 /base/github/securitygroup-server.tf,ghe_server_inbound_https_external_elb_8444,from_port,8443,tcp
 /base/phantom/securitygroup-server.tf,phantom_server_inbound_8888,from_port,8888,tcp
 /base/github/securitygroup-server.tf,ghe_server_inbound_mgmt_ssh_backup_sgs,from_port,122,tcp
-/base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_nessus,from_port,8834,tcp
+/base/nessus/instance_nessus_manager/securitygroup-server.tf,http-in-external-c2-users,from_port,8834,tcp
 /base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_nessus,to_port,8835,tcp
 /base/openvpn/main.tf,openvpn-ldap-out,from_port,636,tcp
 /base/sensu/elb.tf,alb_to_sensu_health,from_port,8080,tcp
-/base/jira/rds_jira/security-groups.tf,jira_security_in,to_port,65535,-1
+/base/keycloak/security-groups-rds.tf,keycloak_security_in,to_port,65535,-1
 /base/github/securitygroup-backupserver.tf,ghe_backup_server_ingress_nfs,from_port,2049,tcp
 /base/github/securitygroup-server.tf,ghe_server_inbound_https_internal_elb,to_port,444,tcp
 /base/github/securitygroup-server.tf,ghe_server_inbound_https_internal_elb_23,from_port,23,tcp
@@ -34,5 +34,6 @@
 /base/mailrelay/main.tf,smtp-in,from_port,25,tcp
 /base/mailrelay/main.tf,submission-out,from_port,587,tcp
 /base/teleport-single-instance/alb-internal.tf,alb_internal-to_server,from_port,3080,tcp
+/base/nessus/instance_nessus_scanner/securitygroup-server.tf,nessus_scanner_inbound_3022,from_port,3022,tcp
 /base/phantom/securitygroup-server.tf,phantom_server_outbound_tcp_dns,from_port,53,udp
 /base/sensu/elb.tf,alb_to_sensu_server,from_port,8081,tcp