How to identify all internet exposed resources?

  • 27 July 2023
  • 2 replies

Best answer by robert5156 5 September 2023, 05:59


2 replies

@julian.harty Did you figure out a way to accomplish your original ask?

I am looking at a similar issue. Basically, within Lacework Kubernetes, I'm looking to see which pods & nodes are accessible from the internet (inbound from the internet). What I found so far is that we can use

Resources → Kubernetes → Pod Network → External connections. You can select all columns and download a CSV.

If you filter for Inbound connections, it will show you which pods are accessible from the internet. Keep in mind that the UI has a 5k connection limit. To get the full picture, you will need to use the API.

I am not 100% sure if this is accurate. For example, the port numbers listed seem to be odd. I mean I have seen port numbers > 65k being listed, which does not look right. I have a support case open to get clarifications and more information, but overall, at the moment, this seems to be a good starting point to get visibility on potential internet exposed resources. It will make sense to validate those internally just to ensure what Lacework is providing is accurate or not.

There is a similar view for actual nodes as well: Node → Kubernetes → Node Network → Node External Connections

Hope this helps. Let me know your thoughts or if you found a different way to accomplish the same.

Thank you
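The workflow in the reply above (export the External connections CSV, keep only inbound rows, sanity-check the odd port values, and notice when the 5k UI cap has been hit) as an added Python example; this is not code from the reply or from Lacework, and the column names in the constructed sample CSV are assumptions, not the real export schema:

```python
import csv
import io

# Constructed sample export. The column names are assumed stand-ins for
# whatever the real "External connections" CSV contains; adjust as needed.
SAMPLE_CSV = """pod,namespace,direction,remote_ip,port,protocol
web-0,frontend,Inbound,203.0.113.10,443,tcp
web-0,frontend,Outbound,198.51.100.7,443,tcp
api-1,backend,Inbound,203.0.113.22,8080,tcp
cache-0,backend,Inbound,203.0.113.5,70000,tcp
worker-2,batch,Outbound,198.51.100.9,5432,tcp
"""

UI_ROW_LIMIT = 5000  # the UI export is capped at 5k connections


def parse_export(text):
    """Parse the downloaded CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def inbound_exposures(rows):
    """Keep only inbound (internet -> pod) rows and flag ports outside
    1..65535, which is the kind of value the reply says needs checking."""
    out = []
    for row in rows:
        if row["direction"].strip().lower() != "inbound":
            continue
        try:
            port = int(row["port"])
        except ValueError:
            port = -1  # non-numeric port: treat as invalid
        out.append({
            "pod": row["pod"],
            "namespace": row["namespace"],
            "remote_ip": row["remote_ip"],
            "port": port,
            "port_valid": 0 < port <= 65535,
        })
    return out


def is_truncated(rows):
    """True when the export filled the UI cap, so the API is needed for the rest."""
    return len(rows) >= UI_ROW_LIMIT


if __name__ == "__main__":
    rows = parse_export(SAMPLE_CSV)
    for e in inbound_exposures(rows):
        note = "" if e["port_valid"] else "  <- port out of range, verify in-cluster"
        print(f'{e["namespace"]}/{e["pod"]} :{e["port"]} from {e["remote_ip"]}{note}')
    if is_truncated(rows):
        print("warning: export hit the UI row cap; pull the remainder via the API")
```

Point `parse_export` at the real file contents and the rows with `port_valid` set to False are the ones worth cross-checking against the actual Service and Ingress definitions.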

Thanks for the details there @robert5156 -- I’ll have to give this a try on my end.

I’m also using a tool called Intruder (a nice front-end to Nessus vulnerability scanning) that has a great integration with our cloud environments that monitors for new resource creation and address assignment, then adds them to the queue for scanning.