From 89b6a1f7bbde6a64d12b9a1529d9e683b31a6da0 Mon Sep 17 00:00:00 2001 From: Jonathan Lassoff Date: Tue, 12 Dec 2023 14:15:41 -0800 Subject: [PATCH] Add PCI and DMZ network configuration to panther_config (#1018) Co-authored-by: Evan Gibler --- global_helpers/panther_base_helpers.py | 14 +++----------- global_helpers/panther_config_defaults.py | 8 ++++++++ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/global_helpers/panther_base_helpers.py b/global_helpers/panther_base_helpers.py index 8ebeb2a27..8b91b3dbd 100644 --- a/global_helpers/panther_base_helpers.py +++ b/global_helpers/panther_base_helpers.py @@ -7,6 +7,7 @@ from functools import reduce from ipaddress import ip_address, ip_network from typing import Any, List, Optional, Sequence, Union +from panther_config import config # # # # # # # # # # # # # # # Exceptions # @@ -35,25 +36,16 @@ def in_pci_scope_tags(resource): return resource["Tags"].get(CDE_TAG_KEY) == CDE_TAG_VALUE +PCI_NETWORKS = config.PCI_NETWORKS # Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked # Returns True if any ip in the range is marked as in scope -PCI_NETWORKS = [ - ip_network("10.0.0.0/24"), -] - - def is_pci_scope_cidr(ip_range): return any(ip_network(ip_range).overlaps(pci_network) for pci_network in PCI_NETWORKS) +DMZ_NETWORKS = config.DMZ_NETWORKS # Expects a string in cidr notation (e.g. '10.0.0.0/24') indicating the ip range being checked # Returns True if any ip in the range is marked as DMZ space. -DMZ_NETWORKS = [ - ip_network("10.1.0.0/24"), - ip_network("100.1.0.0/24"), -] - - def is_dmz_cidr(ip_range): """This function determines whether a given IP range is within the defined DMZ IP range.""" return any(ip_network(ip_range).overlaps(dmz_network) for dmz_network in DMZ_NETWORKS) diff --git a/global_helpers/panther_config_defaults.py b/global_helpers/panther_config_defaults.py index 87a8f01bb..988f727df 100644 --- a/global_helpers/panther_config_defaults.py 
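Review bot: With the shipped defaults now empty lists, `is_pci_scope_cidr` and `is_dmz_cidr` at the end of the second hunk evaluate `any(...)` over nothing and return False for every range, so any rule that gates on CDE or DMZ scope is silently disabled until a deployment populates config.PCI_NETWORKS / config.DMZ_NETWORKS, whereas the removed hard-coded placeholders at least made that state visible. I would state this on the helpers, e.g. replace `# Returns True if any ip in the range is marked as in scope` with `# Returns True if any ip in the range is marked as in scope. An empty PCI_NETWORKS (the shipped default) means nothing is in scope, so this returns False for every range.` and the equivalent on the DMZ comment. The helpers also assume every configured entry is already an ip_network object (`.overlaps` is called on it directly), so a deployer who lists plain strings gets an AttributeError at rule-evaluation time; normalising with `ip_network(pci_network)` / `ip_network(dmz_network)` inside the generator would accept both, since ip_network also takes an existing network object. `PCI_NETWORKS = config.PCI_NETWORKS` snapshots the list at import time, which is fine only if panther_config is fully built before this module is imported — I can't confirm that from the hunk.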
+++ b/global_helpers/panther_config_defaults.py
@@ -13,3 +13,11 @@
 MS_EXCHANGE_ALLOWED_FORWARDING_DESTINATION_DOMAINS = ORGANIZATION_DOMAINS
 MS_EXCHANGE_ALLOWED_FORWARDING_DESTINATION_EMAILS = ["postmaster@" + ORGANIZATION_DOMAINS[0]]
 TELEPORT_ORGANIZATION_DOMAINS = ORGANIZATION_DOMAINS
+
+PCI_NETWORKS = [
+ # ip_network("10.0.0.0/24"),
+]
+
+DMZ_NETWORKS = [
+ # ip_network("10.1.0.0/24"),
+]
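Review bot: Nothing in the new `PCI_NETWORKS` / `DMZ_NETWORKS` defaults tells an operator that leaving them empty makes `is_pci_scope_cidr()` and `is_dmz_cidr()` match no range at all, i.e. the PCI/DMZ detections fail open until this file is edited. A comment above each list, e.g. `# Empty by default: is_pci_scope_cidr() matches no range until the CDE CIDRs are listed here as ip_network(...) objects.`, would make that explicit. The commented examples call `ip_network`, which must be importable in this module for an operator to uncomment them; lines 1–12 of the file are outside this hunk, so I can't confirm `from ipaddress import ip_network` is present — if it is not, the examples should read `ipaddress.ip_network(...)` with the import added. The placeholders 10.0.0.0/24, 10.1.0.0/24 and 100.1.0.0/24 removed from the helpers module are not carried over here, so the change in default behaviour is deliberate but deserves a mention in the PR description.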