diff --git a/dns/saas-service-detection.yaml b/dns/saas-service-detection.yaml index 1e624f9e5e..128b93031d 100644 --- a/dns/saas-service-detection.yaml +++ b/dns/saas-service-detection.yaml @@ -1,10 +1,15 @@ id: saas-service-detection info: - name: dns saas service detection + name: DNS SaaS Service Detection + description: A CNAME DNS record was discovered matching a specified service provider author: noah @thesubtlety severity: info - tags: dns + tags: dns,service + reference: + - https://ns1.com/resources/cname + - https://www.theregister.com/2021/02/24/dns_cname_tracking/ + - https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/ dns: - name: "{{FQDN}}" @@ -23,13 +28,13 @@ dns: matchers: - type: word - name: O365 + name: o365 words: - outlook.com - office.com - type: word - name: Azure + name: azure words: - "azure-api.net" - "azure.com" @@ -69,7 +74,7 @@ dns: - "wixdns.net" - type: word - name: Akamai CDN + name: akamai-cdn condition: or words: - akadns.net @@ -94,7 +99,7 @@ dns: - edgesuite.net - type: word - name: Cloudflare CDN + name: cloudflare-cdn words: - cloudflare.net - cloudflare-dm-cmpimg.com @@ -115,54 +120,54 @@ dns: - sn-cloudflare.com - type: word - name: Amazon CloudFront + name: amazon-cloudfront words: - cloudfront.net - type: word - name: Salesforce + name: salesforce words: - salesforce.com - siteforce.com - force.com - type: word - name: Amazon AWS + name: amazon-aws words: - amazonaws.com - elasticbeanstalk.com - awsglobalaccelerator.com - type: word - name: Fastly CDN + name: fastly-cdn words: - fastly.net - type: word - name: Netlify + name: netlify words: - netlify.app - netlify.com - netlifyglobalcdn.com - type: word - name: Vercel + name: vercel words: - vercel.app - type: word - name: Sendgrid + name: sendgrid words: - sendgrid.net - sendgrid.com - type: word - name: Qualtrics + name: qualtrics words: - qualtrics.com - type: word - name: Heroku + name: heroku words: - herokuapp.com - herokucdn.com 
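Review bot: The new `description` in the `info` block says only that a CNAME matched "a specified service provider", without telling the reader how to see which provider or why the result matters. Since every matcher carries a `name`, the description could say so, for example `description: A CNAME record points at a known third-party SaaS or CDN provider; the matcher name identifies the provider.` A sentence on follow-up would also help triage at `severity: info`, such as confirming that the third-party resource behind the record is still provisioned and owned by the organisation. The `dns:` block that follows continues outside this hunk.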
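Review bot: The `word` matchers renamed in the `@@ -115,54 +120,54 @@` hunk are bare domain strings, and nuclei word matchers test for substring containment, so `force.com` under `salesforce` also matches any longer name that merely ends in those characters. It also makes the `salesforce.com` and `siteforce.com` entries redundant. The effect is a provider label attached to an unrelated CNAME, which matters if the names feed inventory or triage. If targets are always subdomains of the provider domain, a leading dot such as `- ".force.com"` would bind the match to a label boundary; which part of the DNS response is matched cannot be confirmed here, since the request block is outside the hunk. The same applies to short entries in later hunks, such as `run.app`, `ghost.io` and `stacker.app`.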
@@ -171,45 +176,45 @@ dns: - herokuspace.com - type: word - name: Gitlab + name: gitlab words: - gitlab.com - gitlab.io - type: word - name: Perforce Akana + name: perforce-akana words: - akana.com - apiportal.akana.com - type: word - name: Skilljar + name: skilljar words: - skilljarapp.com - type: word - name: Datagrail + name: datagrail words: - datagrail.io - type: word - name: Platform.sh + name: platform.sh words: - platform.sh - type: word - name: Folloze + name: folloze words: - folloze.com - type: word - name: Pendo/Receptive + name: pendo-receptive words: - receptive.io - pendo.io - type: word - name: Discourse + name: discourse words: - bydiscourse.com - discourse-cdn.com @@ -218,7 +223,7 @@ dns: - hosted-by-discourse.com - type: word - name: Adobe Marketo + name: adobe-marketo words: - marketo.com - marketo.co.uk @@ -227,39 +232,39 @@ dns: - mktoweb.com - type: regex - name: Adobe Marketo + name: adobe-marketo regex: - 'mkto-.{5,8}\.com' - type: word - name: Adobe Marketo + name: adobe-marketo words: - marketo.com - type: word - name: Rock Content + name: rock-content words: - postclickmarketing.com - rockcontent.com - rockstage.io - type: word - name: Rocketlane + name: rocketlane words: - rocketlane.com - type: word - name: Webflow + name: webflow words: - proxy-ssl.webflow.com - type: word - name: Stacker HQ + name: stacker-hq words: - stacker.app - type: word - name: HubSpot + name: hubspot words: - hs-analytics.net - hs-banner.com @@ -284,13 +289,13 @@ dns: - usemessages.com - type: word - name: Gitbook + name: gitbook words: - gitbook.com - gitbook.io - type: word - name: Google Firebase + name: google-firebase words: - fcm.googleapis.com - firebase.com @@ -310,7 +315,7 @@ dns: - firebaseremoteconfig.googleapis.com - type: word - name: Zendesk + name: zendesk words: - zdassets.com - zdorigin.com @@ -318,7 +323,7 @@ dns: - zopim.com - type: word - name: Imperva + name: imperva words: - incapdns.net - incapsula.com 
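Review bot: After the rename in the `@@ -227,39 +232,39 @@` hunk there are three matchers named `adobe-marketo`, and the last one (`type: word` with only `marketo.com`) can be deleted. It repeats a word that the first `adobe-marketo` matcher, in the preceding hunk, already lists. Separately, the regex `'mkto-.{5,8}\.com'` lets `.` match any character, including a dot, so the match can span label boundaries. If the identifier is alphanumeric, which is an assumption, `'mkto-[a-z0-9]{5,8}\.com'` is tighter.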
@@ -333,14 +338,14 @@ dns: - proofpoint.com - type: word - name: Q4 Investor Relations + name: q4-investor-relations words: - q4inc.com - q4ir.com - q4web.com - type: word - name: Google Hosted + name: google-hosted words: - appspot.com - cloudfunctions.net @@ -353,34 +358,34 @@ dns: - run.app - type: word - name: WP Engine + name: wp-engine words: - wpengine.com - type: word - name: GitHub + name: github words: - github.com - github.io - githubusercontent.com - type: word - name: Ghost + name: ghost words: - ghost.io - type: word - name: Digital Oceang + name: digital-ocean words: - ondigitalocean.app - type: word - name: Type Dream + name: typedream words: - ontypedream.com - type: word - name: Oracle Eloqua Marketing + name: oracle-eloqua-marketing words: - hs.eloqua.com \ No newline at end of file
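Review bot: The file still ends without a trailing newline (`\ No newline at end of file` after `- hs.eloqua.com`), which yamllint's `new-line-at-end-of-file` rule reports. Adding it in this commit would avoid a separate whitespace-only change later. On naming, `Type Dream` becomes `typedream` here while `WP Engine` becomes `wp-engine`, and in an earlier hunk `platform.sh` keeps its dot. If matcher names are consumed as identifiers downstream, one slug rule (lowercase, hyphen-separated) applied throughout would be easier to filter on.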