External Assets - DNS Name?
Hello, We are adding External Assets for external scans and are adding a ton of IPs. I was creating this post to see what the DNS Name would do differently than adding IPs. Are they wanting the URI in that spot or the name of a DNS Server? Are they going to pick up all of the IPs from my DNS records for the URI/domain name I put in there?
There is zero information about this in the documentation.
-
Official comment
Hi David Greenwalt - Adding a DNS name/domain name, such as abc.com, will provide the Alert Logic scan the ability to scan both the domain name as well as the underlying IP address that it uses. This is beneficial in certain situations where the underlying IP address may not serve up a web service where the domain name will. It will provide a more thorough scan of the external asset so we would suggest using it regardless.
When making an entry, you would enter the URI/domain name you would use to access the web service.
As to whether all IP addresses will get picked up, it depends on how many IP addresses are tied to single domain name/URI. If the answer is one IP address per domain name/URI, then yes we should be able to pick them all up based on you providing the domain name/URI alone. If there are multiple IP addresses, then we will only pick up the one we see the domain name/URI resolving to when we go to scan the asset. So in that case, you would need to add the external IP addresses as assets as well. This will ensure we scan everything they want in scope.
I hope this helps, but please reach out if you have additional questions!
-
Hi, Thanks! This is exactly the info I needed. A follow-up question: I should not only add the domain.com but also any sub domains because they will point to different IPs than the root domain. If I'm understanding your previously reply, these A record references with other IPs won't be picked up by the DNS Name.
0
Please sign in to leave a comment.
Comments
2 comments