Create FirewallRule entity class #70

Open
ndowmon opened this issue Mar 24, 2021 · 3 comments
Labels
new-class New Class

ndowmon commented Mar 24, 2021

Historically, Firewall Rules have been created as edges between Firewalls and "The Internet". Properties such as Allow/Deny, startIp/endIp, protocol, etc. have been properties on these edges, and to query in J1QL, one must build a query like `FIND Firewall THAT (ALLOWS|DENIES) as firewallRule * return firewallRule.*`.

Firewall rules aren't always related to Firewalls, though, as is the case with Azure SQL Servers (which have firewall rules with fewer properties, omitting Allows/Denies, Protocol, and other typical properties). I think it would be best to create a FirewallRule entity class.

@ndowmon ndowmon added the new-class New Class label Mar 24, 2021

mknoedel commented Mar 24, 2021

Do you think we could accomplish this by expanding or changing Rules and RuleSets instead?

@aiwilliams

@ndowmon I'd like to clarify goals and non-goals:

  1. Non-goal: Avoid relationships for obtaining properties in a query/question.
  2. Goal: Support ingesting rules for host-based firewalls, where there is no entity to represent the Firewall. That is, there is only the entity representing the host/service where the rules are evaluated, but it doesn't make sense to add the class Firewall to that entity.
  3. Goal: Support a J1 query that shows which cloud services, hosts, or the Internet can access the protected host/service.

> Do you think we could accomplish this by expanding or changing Rules and RuleSets instead?

Those do seem like they could be a good fit for 2 above. What would the J1QL look like, do you think @ndowmon, to accomplish 3 (assuming that is a goal)?


ndowmon commented May 17, 2021

I want to bump this one again. Lots of entities in Azure support host-based firewall rules, and a lot of queries of security importance rely on being able to ID these firewall rules.
