MISP
/
misp-warninglists
mirror of https://github.com/MISP/misp-warninglists
2
0
Fork 0
Code Issues Releases Wiki Activity

Add generator script for Tenable

pull/226/head
John Berkers 2022-10-05 18:03:03 +11:00
parent 917b9659dd
commit 3069e9ab00
3 changed files with 133 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
lists/tenable-cloud-ipv4/list.json Normal file
View File

@ -0,0 +1,51 @@
{
"description": "Tenable IPv4 Cloud Sensors addresses used for scanning Internet-facing infrastructure",
"list": [
"13.115.104.128/25",
"13.210.1.64/26",
"13.213.79.0/24",
"13.56.21.128/25",
"13.59.250.76/32",
"13.59.252.0/25",
"15.228.125.0/24",
"162.159.129.83/32",
"162.159.130.83/32",
"18.116.198.0/24",
"18.139.204.0/25",
"18.168.180.128/25",
"18.168.224.128/25",
"18.194.95.64/26",
"3.101.175.0/25",
"3.106.118.128/25",
"3.108.37.0/24",
"3.124.123.128/25",
"3.132.217.0/25",
"3.251.224.0/24",
"3.26.100.0/24",
"3.67.7.128/25",
"3.9.159.128/25",
"3.98.92.0/25",
"34.201.223.128/25",
"34.223.64.0/25",
"35.177.219.0/26",
"35.182.14.64/26",
"35.73.219.128/25",
"35.82.51.128/25",
"35.86.126.0/24",
"44.192.244.0/24",
"44.206.3.0/24",
"44.242.181.128/25",
"54.175.125.192/26",
"54.219.188.128/26",
"54.255.254.0/26",
"54.93.254.128/26"
],
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known Tenable Cloud Sensors IPv4",
"type": "cidr",
"version": 20221005
}

28
lists/tenable-cloud-ipv6/list.json Normal file
View File

@ -0,0 +1,28 @@
{
"description": "Tenable IPv4 Cloud Sensors addresses used for scanning Internet-facing infrastructure",
"list": [
"2406:da14:e76:5b00::/56",
"2406:da18:844:7100::/56",
"2406:da1a:5b2:8500::/56",
"2406:da1c:20f:2f00::/56",
"2600:1f11:622:3000::/56",
"2600:1f14:141:7b00::/56",
"2600:1f16:8ca:e900::/56",
"2600:1f18:614c:8000::/56",
"2600:1f1c:13e:9e00::/56",
"2600:1f1e:9a:ba00::/56",
"2606:4700:7::a29f:8153/128",
"2606:4700:7::a29f:8253/128",
"2a05:d014:532:b00::/56",
"2a05:d018:f53:4100::/56",
"2a05:d01c:da5:e800::/56"
],
"matching_attributes": [
"ip-src",
"ip-dst",
"domain|ip"
],
"name": "List of known Tenable Cloud Sensors IPv6",
"type": "cidr",
"version": 20221005
}

54
tools/generate-tenable.py Normal file
View File

@ -0,0 +1,54 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import json
from generator import download, download_to_file, get_version, write_to_file, get_abspath_source_file, consolidate_networks
def process(file, dst, name: str, description: str, prefixlist: str, prefixitem: str):
warninglist = {
'name': name,
'version': get_version(),
'description': description,
'matching_attributes': ["ip-src", "ip-dst", "domain|ip"],
'type': 'cidr'
}
with open(get_abspath_source_file(file), 'r') as json_file:
tenable_ip_list = json.load(json_file)
values = []
for value in tenable_ip_list[prefixlist]:
values.append(value[prefixitem])
warninglist['list'] = consolidate_networks(values)
write_to_file(warninglist, dst)
if __name__ == '__main__':
TYPES = [
{
"name": "List of known Tenable Cloud Sensors IPv4",
"description": "Tenable IPv4 Cloud Sensor addresses used for scanning Internet-facing infrastructure",
"url": "https://docs.tenable.com/ip-ranges/data.json",
"file": "tenable-cloud.json",
"destination_folder": "tenable-cloud-ipv4",
"prefixlist": "prefixes",
"prefixitem": "ip_prefix",
},
{
"name": "List of known Tenable Cloud Sensors IPv6",
"description": "Tenable IPv6 Cloud Sensor addresses used for scanning Internet-facing infrastructure",
"url": "https://docs.tenable.com/ip-ranges/data.json",
"file": "tenable-cloud.json",
"destination_folder": "tenable-cloud-ipv6",
"prefixlist": "ipv6_prefixes",
"prefixitem": "ipv6_prefix",
}
]
for type in TYPES:
tenable_json_url = type["url"]
download_to_file(tenable_json_url, type["file"])
process(type["file"], type["destination_folder"], type["name"], type["description"], type["prefixlist"], type["prefixitem"])