Island: Remove TunnelTelem

This commit is contained in:
Kekoa Kaaikala 2022-09-08 14:30:58 +00:00 committed by Mike Salvatore
parent cb45cd8873
commit 4a2297b097
6 changed files with 0 additions and 66 deletions


@ -8,4 +8,3 @@ class TelemCategoryEnum:
SCAN = "scan" SCAN = "scan"
STATE = "state" STATE = "state"
TRACE = "trace" TRACE = "trace"
TUNNEL = "tunnel"


@ -64,16 +64,6 @@ class TelemetryFeed(AbstractResource):
def get_telem_brief_parser_by_category(telem_category): def get_telem_brief_parser_by_category(telem_category):
return TELEM_PROCESS_DICT[telem_category] return TELEM_PROCESS_DICT[telem_category]
@staticmethod
def get_tunnel_telem_brief(telem):
tunnel = telem["data"]["proxy"]
if tunnel is None:
return "No tunnel is used."
else:
tunnel_host_ip = tunnel.split(":")[-2].replace("//", "")
tunnel_host = NodeService.get_monkey_by_ip(tunnel_host_ip)["hostname"]
return "Tunnel set up to machine: %s." % tunnel_host
@staticmethod @staticmethod
def get_state_telem_brief(telem): def get_state_telem_brief(telem):
if telem["data"]["done"]: if telem["data"]["done"]:
@ -132,7 +122,6 @@ TELEM_PROCESS_DICT = {
TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief, TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief,
TelemCategoryEnum.STATE: TelemetryFeed.get_state_telem_brief, TelemCategoryEnum.STATE: TelemetryFeed.get_state_telem_brief,
TelemCategoryEnum.TRACE: TelemetryFeed.get_trace_telem_brief, TelemCategoryEnum.TRACE: TelemetryFeed.get_trace_telem_brief,
TelemCategoryEnum.TUNNEL: TelemetryFeed.get_tunnel_telem_brief,
} }


@ -8,7 +8,6 @@ from monkey_island.cc.services.telemetry.processing.exploit import process_explo
from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry
from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry
from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry
from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -22,7 +21,6 @@ TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
TelemCategoryEnum.SCAN: process_scan_telemetry, TelemCategoryEnum.SCAN: process_scan_telemetry,
TelemCategoryEnum.STATE: process_state_telemetry, TelemCategoryEnum.STATE: process_state_telemetry,
TelemCategoryEnum.TRACE: lambda *args, **kwargs: None, TelemCategoryEnum.TRACE: lambda *args, **kwargs: None,
TelemCategoryEnum.TUNNEL: process_tunnel_telemetry,
} }
# Don't save credential telemetries in telemetries collection. # Don't save credential telemetries in telemetries collection.


@ -1,15 +0,0 @@
from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import (
check_tunneling_violation,
)
def process_tunnel_telemetry(telemetry_json, _):
check_tunneling_violation(telemetry_json)
monkey_id = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])["_id"]
if telemetry_json["data"]["proxy"] is not None:
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)
NodeService.set_monkey_tunnel(monkey_id, tunnel_host_ip)
else:
NodeService.unset_all_monkey_tunnels(monkey_id)


@ -14,8 +14,3 @@ def get_edge_by_scan_or_exploit_telemetry(telemetry_json):
dst_label = NodeService.get_label_for_endpoint(dst_node["_id"]) dst_label = NodeService.get_label_for_endpoint(dst_node["_id"])
return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"], src_label, dst_label) return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"], src_label, dst_label)
def get_tunnel_host_ip_from_proxy_field(telemetry_json):
tunnel_host_ip = telemetry_json["data"]["proxy"].split(":")[-2].replace("//", "")
return tunnel_host_ip


@ -1,32 +0,0 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import (
MonkeyZTFindingService,
)
def check_tunneling_violation(tunnel_telemetry_json):
if tunnel_telemetry_json["data"]["proxy"] is not None:
# Monkey is tunneling, create findings
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
current_monkey = Monkey.get_single_monkey_by_guid(tunnel_telemetry_json["monkey_guid"])
tunneling_events = [
Event.create_event(
title="Tunneling event",
message="Monkey on {hostname} tunneled traffic through {proxy}.".format(
hostname=current_monkey.hostname, proxy=tunnel_host_ip
),
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK,
timestamp=tunnel_telemetry_json["timestamp"],
)
]
MonkeyZTFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_TUNNELING,
status=zero_trust_consts.STATUS_FAILED,
events=tunneling_events,
)
MonkeyZTFindingService.add_malicious_activity_to_timeline(tunneling_events)