Add decorator for checking if technique is disabled
This commit is contained in:
parent
98ef46b4ec
commit
16e2c94037
|
@ -18,15 +18,16 @@ class T1003(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1003.technique_title()}
|
@T1003.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1003.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
if mongo.db.telemetry.count_documents(T1003.query):
|
if mongo.db.telemetry.count_documents(T1003.query):
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, [])
|
||||||
|
|
||||||
|
data = {'title': T1003.technique_title()}
|
||||||
|
status, _ = get_technique_status_and_data()
|
||||||
|
|
||||||
data.update(T1003.get_message_and_status(status))
|
data.update(T1003.get_message_and_status(status))
|
||||||
data.update(T1003.get_mitigation_by_status(status))
|
data.update(T1003.get_mitigation_by_status(status))
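Review bot: The nested `get_technique_status_and_data` has no docstring, and its contract after this change is not obvious from the body: `@T1003.is_status_disabled` now performs the enabled-in-config check, so the body only runs for an enabled technique and must return a `(status, data)` pair that the decorator can substitute on the disabled path. Add under the `def`: `"""Return (status, data) for an enabled technique; the decorator returns (DISABLED, []) when disabled in config."""`. The same one-line docstring applies to the identically shaped nested functions in the T1016, T1018, T1021, T1041, T1059, T1075, T1082, T1086, T1090, T1110, T1145, T1188, T1210 and PostBreachTechnique hunks.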
|
||||||
|
|
|
@ -27,13 +27,13 @@ class T1016(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
network_info = []
|
@T1016.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1016.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
network_info = list(mongo.db.telemetry.aggregate(T1016.query))
|
network_info = list(mongo.db.telemetry.aggregate(T1016.query))
|
||||||
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
|
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
|
||||||
|
return (status, network_info)
|
||||||
|
|
||||||
|
status, network_info = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1016.get_base_data_by_status(status)
|
data = T1016.get_base_data_by_status(status)
|
||||||
data.update({'network_info': network_info})
|
data.update({'network_info': network_info})
|
||||||
|
|
|
@ -28,16 +28,16 @@ class T1018(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
scan_info = []
|
@T1018.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1018.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
scan_info = list(mongo.db.telemetry.aggregate(T1018.query))
|
scan_info = list(mongo.db.telemetry.aggregate(T1018.query))
|
||||||
if scan_info:
|
if scan_info:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, scan_info)
|
||||||
|
|
||||||
|
status, scan_info = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1018.get_base_data_by_status(status)
|
data = T1018.get_base_data_by_status(status)
|
||||||
data.update({'scan_info': scan_info})
|
data.update({'scan_info': scan_info})
|
||||||
|
|
|
@ -33,11 +33,9 @@ class T1021(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
|
@T1021.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
attempts = []
|
attempts = []
|
||||||
|
|
||||||
if not T1021.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
if mongo.db.telemetry.count_documents(T1021.scanned_query):
|
if mongo.db.telemetry.count_documents(T1021.scanned_query):
|
||||||
attempts = list(mongo.db.telemetry.aggregate(T1021.query))
|
attempts = list(mongo.db.telemetry.aggregate(T1021.query))
|
||||||
if attempts:
|
if attempts:
|
||||||
|
@ -50,6 +48,9 @@ class T1021(AttackTechnique):
|
||||||
status = ScanStatus.SCANNED.value
|
status = ScanStatus.SCANNED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, attempts)
|
||||||
|
|
||||||
|
status, attempts = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1021.get_base_data_by_status(status)
|
data = T1021.get_base_data_by_status(status)
|
||||||
data.update({'services': attempts})
|
data.update({'services': attempts})
|
||||||
|
|
|
@ -13,11 +13,8 @@ class T1041(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
info = []
|
@T1041.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1041.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
monkeys = list(Monkey.objects())
|
monkeys = list(Monkey.objects())
|
||||||
info = [{'src': monkey['command_control_channel']['src'],
|
info = [{'src': monkey['command_control_channel']['src'],
|
||||||
'dst': monkey['command_control_channel']['dst']}
|
'dst': monkey['command_control_channel']['dst']}
|
||||||
|
@ -26,6 +23,9 @@ class T1041(AttackTechnique):
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, info)
|
||||||
|
|
||||||
|
status, info = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1041.get_base_data_by_status(status)
|
data = T1041.get_base_data_by_status(status)
|
||||||
data.update({'command_control_channel': info})
|
data.update({'command_control_channel': info})
|
||||||
|
|
|
@ -23,15 +23,17 @@ class T1059(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
if not T1059.is_enabled_in_config():
|
@T1059.is_status_disabled
|
||||||
status = ScanStatus.DISABLED.value
|
def get_technique_status_and_data():
|
||||||
else:
|
|
||||||
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
|
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
|
||||||
data = {'title': T1059.technique_title(), 'cmds': cmd_data}
|
|
||||||
if cmd_data:
|
if cmd_data:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, cmd_data)
|
||||||
|
|
||||||
|
status, cmd_data = get_technique_status_and_data()
|
||||||
|
data = {'title': T1059.technique_title(), 'cmds': cmd_data}
|
||||||
|
|
||||||
data.update(T1059.get_message_and_status(status))
|
data.update(T1059.get_message_and_status(status))
|
||||||
data.update(T1059.get_mitigation_by_status(status))
|
data.update(T1059.get_mitigation_by_status(status))
|
||||||
|
|
|
@ -30,19 +30,20 @@ class T1075(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1075.technique_title()}
|
@T1075.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1075.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
|
successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
|
||||||
data.update({'successful_logins': successful_logins})
|
|
||||||
if successful_logins:
|
if successful_logins:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
|
elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
|
||||||
status = ScanStatus.SCANNED.value
|
status = ScanStatus.SCANNED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, successful_logins)
|
||||||
|
|
||||||
|
status, successful_logins = get_technique_status_and_data()
|
||||||
|
data = {'title': T1075.technique_title()}
|
||||||
|
data.update({'successful_logins': successful_logins})
|
||||||
|
|
||||||
data.update(T1075.get_message_and_status(status))
|
data.update(T1075.get_message_and_status(status))
|
||||||
data.update(T1075.get_mitigation_by_status(status))
|
data.update(T1075.get_mitigation_by_status(status))
|
||||||
|
|
|
@ -38,17 +38,18 @@ class T1082(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1082.technique_title()}
|
@T1082.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1082.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
system_info = list(mongo.db.telemetry.aggregate(T1082.query))
|
system_info = list(mongo.db.telemetry.aggregate(T1082.query))
|
||||||
data.update({'system_info': system_info})
|
|
||||||
if system_info:
|
if system_info:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, system_info)
|
||||||
|
|
||||||
|
status, system_info = get_technique_status_and_data()
|
||||||
|
data = {'title': T1082.technique_title()}
|
||||||
|
data.update({'system_info': system_info})
|
||||||
|
|
||||||
data.update(T1082.get_mitigation_by_status(status))
|
data.update(T1082.get_mitigation_by_status(status))
|
||||||
data.update(T1082.get_message_and_status(status))
|
data.update(T1082.get_message_and_status(status))
|
||||||
|
|
|
@ -25,15 +25,17 @@ class T1086(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
if not T1086.is_enabled_in_config():
|
@T1086.is_status_disabled
|
||||||
status = ScanStatus.DISABLED.value
|
def get_technique_status_and_data():
|
||||||
else:
|
|
||||||
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
|
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
|
||||||
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
|
|
||||||
if cmd_data:
|
if cmd_data:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, cmd_data)
|
||||||
|
|
||||||
|
status, cmd_data = get_technique_status_and_data()
|
||||||
|
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
|
||||||
|
|
||||||
data.update(T1086.get_mitigation_by_status(status))
|
data.update(T1086.get_mitigation_by_status(status))
|
||||||
data.update(T1086.get_message_and_status(status))
|
data.update(T1086.get_message_and_status(status))
|
||||||
|
|
|
@ -13,14 +13,14 @@ class T1090(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
monkeys = []
|
@T1090.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1090.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
monkeys = Monkey.get_tunneled_monkeys()
|
monkeys = Monkey.get_tunneled_monkeys()
|
||||||
monkeys = [monkey.get_network_info() for monkey in monkeys]
|
monkeys = [monkey.get_network_info() for monkey in monkeys]
|
||||||
status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
|
status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
|
||||||
|
return (status, monkeys)
|
||||||
|
|
||||||
|
status, monkeys = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1090.get_base_data_by_status(status)
|
data = T1090.get_base_data_by_status(status)
|
||||||
data.update({'proxies': monkeys})
|
data.update({'proxies': monkeys})
|
||||||
|
|
|
@ -26,11 +26,8 @@ class T1110(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
attempts = []
|
@T1110.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1110.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
attempts = list(mongo.db.telemetry.aggregate(T1110.query))
|
attempts = list(mongo.db.telemetry.aggregate(T1110.query))
|
||||||
succeeded = False
|
succeeded = False
|
||||||
|
|
||||||
|
@ -46,6 +43,9 @@ class T1110(AttackTechnique):
|
||||||
status = ScanStatus.SCANNED.value
|
status = ScanStatus.SCANNED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, attempts)
|
||||||
|
|
||||||
|
status, attempts = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1110.get_base_data_by_status(status)
|
data = T1110.get_base_data_by_status(status)
|
||||||
# Remove data with no successful brute force attempts
|
# Remove data with no successful brute force attempts
|
||||||
|
|
|
@ -20,16 +20,16 @@ class T1145(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
ssh_info = []
|
@T1145.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1145.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
|
ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
|
||||||
if ssh_info:
|
if ssh_info:
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.USED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, ssh_info)
|
||||||
|
|
||||||
|
status, ssh_info = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1145.get_base_data_by_status(status)
|
data = T1145.get_base_data_by_status(status)
|
||||||
data.update({'ssh_info': ssh_info})
|
data.update({'ssh_info': ssh_info})
|
||||||
|
|
|
@ -13,11 +13,8 @@ class T1188(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
hops = []
|
@T1188.is_status_disabled
|
||||||
|
def get_technique_status_and_data():
|
||||||
if not T1188.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
monkeys = Monkey.get_tunneled_monkeys()
|
monkeys = Monkey.get_tunneled_monkeys()
|
||||||
hops = []
|
hops = []
|
||||||
for monkey in monkeys:
|
for monkey in monkeys:
|
||||||
|
@ -31,6 +28,9 @@ class T1188(AttackTechnique):
|
||||||
'to': proxy.get_network_info(),
|
'to': proxy.get_network_info(),
|
||||||
'count': proxy_count})
|
'count': proxy_count})
|
||||||
status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
|
status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
|
||||||
|
return (status, hops)
|
||||||
|
|
||||||
|
status, hops = get_technique_status_and_data()
|
||||||
|
|
||||||
data = T1188.get_base_data_by_status(status)
|
data = T1188.get_base_data_by_status(status)
|
||||||
data.update({'hops': hops})
|
data.update({'hops': hops})
|
||||||
|
|
|
@ -13,13 +13,8 @@ class T1210(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
scanned_services = []
|
@T1210.is_status_disabled
|
||||||
exploited_services = []
|
def get_technique_status_and_data():
|
||||||
data = {'title': T1210.technique_title()}
|
|
||||||
|
|
||||||
if not T1210.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
scanned_services = T1210.get_scanned_services()
|
scanned_services = T1210.get_scanned_services()
|
||||||
exploited_services = T1210.get_exploited_services()
|
exploited_services = T1210.get_exploited_services()
|
||||||
if exploited_services:
|
if exploited_services:
|
||||||
|
@ -28,6 +23,15 @@ class T1210(AttackTechnique):
|
||||||
status = ScanStatus.SCANNED.value
|
status = ScanStatus.SCANNED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
return (status, scanned_services, exploited_services)
|
||||||
|
|
||||||
|
status_and_data = get_technique_status_and_data()
|
||||||
|
status = status_and_data[0]
|
||||||
|
if status == ScanStatus.DISABLED.value:
|
||||||
|
scanned_services, exploited_services = [], []
|
||||||
|
else:
|
||||||
|
scanned_services, exploited_services = status_and_data[1], status_and_data[2]
|
||||||
|
data = {'title': T1210.technique_title()}
|
||||||
|
|
||||||
data.update(T1210.get_message_and_status(status))
|
data.update(T1210.get_message_and_status(status))
|
||||||
data.update(T1210.get_mitigation_by_status(status))
|
data.update(T1210.get_mitigation_by_status(status))
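Review bot: The new `if status == ScanStatus.DISABLED.value:` branch exists only because the decorator's disabled result is the 2-tuple `(DISABLED, [])` while this technique's nested function returns a 3-tuple, and nothing in the code says so, which makes the branch look like an unexplained special case. At minimum add above the `if`: `# is_status_disabled returns a 2-tuple (DISABLED, []) on the disabled path; this technique returns 3 elements`. A more robust option is to have the decorator carry the technique's own disabled payload so every caller can unpack uniformly. The enclosing `get_report_data` starts before this hunk.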
|
||||||
|
|
|
@ -63,7 +63,7 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
Gets the status of a certain attack technique.
|
Gets the status of a certain attack technique.
|
||||||
:return: ScanStatus numeric value
|
:return: ScanStatus numeric value
|
||||||
"""
|
"""
|
||||||
if not cls.is_enabled_in_config():
|
if not cls._is_enabled_in_config():
|
||||||
return ScanStatus.DISABLED.value
|
return ScanStatus.DISABLED.value
|
||||||
elif mongo.db.telemetry.find_one({'telem_category': 'attack',
|
elif mongo.db.telemetry.find_one({'telem_category': 'attack',
|
||||||
'data.status': ScanStatus.USED.value,
|
'data.status': ScanStatus.USED.value,
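Review bot: The call here switches to the private `_is_enabled_in_config`, and the later hunk of this file drops the public `is_enabled_in_config` name entirely. Any technique module not touched by this commit that still calls `cls.is_enabled_in_config()` would raise AttributeError when its report is built; I cannot tell from this page whether such callers remain, so either search the repository for the old name before merging or keep `is_enabled_in_config = _is_enabled_in_config` as a transitional alias. The enclosing classmethod's `def` is above this hunk.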
|
||||||
|
@ -139,5 +139,11 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def is_enabled_in_config(cls) -> bool:
|
def is_status_disabled(cls, get_technique_status_and_data) -> bool:
|
||||||
|
def check_if_disabled_in_config():
|
||||||
|
return (ScanStatus.DISABLED.value, []) if not cls._is_enabled_in_config() else get_technique_status_and_data()
|
||||||
|
return check_if_disabled_in_config
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def _is_enabled_in_config(cls) -> bool:
|
||||||
return AttackConfig.get_technique_values()[cls.tech_id]
|
return AttackConfig.get_technique_values()[cls.tech_id]
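Review bot: `is_status_disabled` is annotated `-> bool` but returns the wrapper function `check_if_disabled_in_config`, so the annotation is wrong, and the predicate-style name misleads at the use sites (`@T1003.is_status_disabled`). The wrapper also hard-codes the disabled result as the 2-tuple `(ScanStatus.DISABLED.value, [])`, while T1210's wrapped function returns a 3-tuple, which is what forces the DISABLED special case in that technique's caller. Suggest `def is_status_disabled(cls, get_technique_status_and_data):` with the docstring `"""Decorator: return (DISABLED, []) when the technique is disabled in config, otherwise call the wrapped status/data function."""`; applying `functools.wraps` (stdlib) to the inner function would also keep the wrapped function's name in tracebacks.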
|
||||||
|
|
|
@ -38,12 +38,8 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
|
||||||
"""
|
"""
|
||||||
:return: Technique's report data aggregated from the database
|
:return: Technique's report data aggregated from the database
|
||||||
"""
|
"""
|
||||||
data = {'title': cls.technique_title(), 'info': []}
|
@cls.is_status_disabled
|
||||||
info = []
|
def get_technique_status_and_data():
|
||||||
|
|
||||||
if not cls.is_enabled_in_config():
|
|
||||||
status = ScanStatus.DISABLED.value
|
|
||||||
else:
|
|
||||||
info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
|
info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
|
||||||
status = ScanStatus.UNSCANNED.value
|
status = ScanStatus.UNSCANNED.value
|
||||||
if info:
|
if info:
|
||||||
|
@ -52,6 +48,10 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
|
||||||
'data.result.1': True
|
'data.result.1': True
|
||||||
})
|
})
|
||||||
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
||||||
|
return (status, info)
|
||||||
|
|
||||||
|
data = {'title': cls.technique_title()}
|
||||||
|
status, info = get_technique_status_and_data()
|
||||||
|
|
||||||
data.update(cls.get_base_data_by_status(status))
|
data.update(cls.get_base_data_by_status(status))
|
||||||
data.update({'info': info})
|
data.update({'info': info})
|
||||||
|
|