p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Renamed all zero trust tests to zero trust checks in back-end. This increases readability, because it differentiates unit test code from production code

This commit is contained in:
VakarisZ 2020-09-08 12:41:59 +03:00
parent 3490be1d8f
commit 4e1e9907b1
15 changed files with 45 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
monkey/monkey_island/cc/services/telemetry/processing/exploit.py
View File

@ -9,8 +9,8 @@ from monkey_island.cc.services.edge.displayed_edge import EdgeService
from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \
get_edge_by_scan_or_exploit_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import \
test_machine_exploited
from monkey_island.cc.services.telemetry.zero_trust_checks.machine_exploited import \
check_machine_exploited
def process_exploit_telemetry(telemetry_json):
@ -19,7 +19,7 @@ def process_exploit_telemetry(telemetry_json):
update_network_with_exploit(edge, telemetry_json)
update_node_credentials_from_successful_attempts(edge, telemetry_json)
test_machine_exploited(
check_machine_exploited(
current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']),
exploit_successful=telemetry_json['data']['result'],
exploiter=telemetry_json['data']['exploiter'],

6
monkey/monkey_island/cc/services/telemetry/processing/post_breach.py
View File

@ -3,8 +3,8 @@ import copy
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
from monkey_island.cc.database import mongo
from monkey_island.cc.models import Monkey
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \
test_new_user_communication
from monkey_island.cc.services.telemetry.zero_trust_checks.communicate_as_new_user import \
check_new_user_communication
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
@ -13,7 +13,7 @@ def process_communicate_as_new_user_telemetry(telemetry_json):
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
message = telemetry_json['data']['result'][0]
success = telemetry_json['data']['result'][1]
test_new_user_communication(current_monkey, success, message)
check_new_user_communication(current_monkey, success, message)
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {

12
monkey/monkey_island/cc/services/telemetry/processing/scan.py
View File

@ -4,19 +4,19 @@ from monkey_island.cc.services.edge.edge import EdgeService
from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \
get_edge_by_scan_or_exploit_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import \
test_open_data_endpoints
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
test_segmentation_violation
from monkey_island.cc.services.telemetry.zero_trust_checks.data_endpoints import \
check_open_data_endpoints
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
check_segmentation_violation
def process_scan_telemetry(telemetry_json):
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
test_open_data_endpoints(telemetry_json)
check_open_data_endpoints(telemetry_json)
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
target_ip = telemetry_json['data']['machine']['ip_addr']
test_segmentation_violation(current_monkey, target_ip)
check_segmentation_violation(current_monkey, target_ip)
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):

6
monkey/monkey_island/cc/services/telemetry/processing/state.py
View File

@ -2,8 +2,8 @@ import logging
from monkey_island.cc.models import Monkey
from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
test_passed_findings_for_unreached_segments
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
check_passed_findings_for_unreached_segments
logger = logging.getLogger(__name__)
@ -18,7 +18,7 @@ def process_state_telemetry(telemetry_json):
if telemetry_json['data']['done']:
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
test_passed_findings_for_unreached_segments(current_monkey)
check_passed_findings_for_unreached_segments(current_monkey)
if telemetry_json['data']['version']:
logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}")

6
monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
View File

@ -14,8 +14,8 @@ from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostn
process_hostname_telemetry
from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \
process_scout_suite_telemetry
from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \
test_antivirus_existence
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import \
check_antivirus_existence
logger = logging.getLogger(__name__)
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
AWS_COLLECTOR: [process_aws_telemetry],
ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
HOSTNAME_COLLECTOR: [process_hostname_telemetry],
PROCESS_LIST_COLLECTOR: [test_antivirus_existence],
PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
}

6
monkey/monkey_island/cc/services/telemetry/processing/tunnel.py
View File

@ -1,12 +1,12 @@
from monkey_island.cc.services.node import NodeService
from monkey_island.cc.services.telemetry.processing.utils import \
get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import \
test_tunneling_violation
from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import \
check_tunneling_violation
def process_tunnel_telemetry(telemetry_json):
test_tunneling_violation(telemetry_json)
check_tunneling_violation(telemetry_json)
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"]
if telemetry_json['data']['proxy'] is not None:
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)

0
monkey/monkey_island/cc/services/telemetry/zero_trust_checks/__init__.py Normal file
View File

9
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/antivirus_existence.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/antivirus_existence.py
View File

@ -2,14 +2,13 @@ import json
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import \
AggregateFinding
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import \
from monkey_island.cc.services.telemetry.zero_trust_checks.known_anti_viruses import \
ANTI_VIRUS_KNOWN_PROCESS_NAMES
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_antivirus_existence(process_list_json, monkey_guid):
def check_antivirus_existence(process_list_json, monkey_guid):
current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
process_list_event = Event.create_event(
@ -32,7 +31,7 @@ def test_antivirus_existence(process_list_json, monkey_guid):
test_status = zero_trust_consts.STATUS_PASSED
else:
test_status = zero_trust_consts.STATUS_FAILED
AggregateFinding.create_or_add_to_existing(
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events
)

7
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/communicate_as_new_user.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/communicate_as_new_user.py
View File

@ -1,6 +1,5 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.aggregate_finding import \
AggregateFinding
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
from monkey_island.cc.models.zero_trust.event import Event
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
@ -8,8 +7,8 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
"New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}"
def test_new_user_communication(current_monkey, success, message):
AggregateFinding.create_or_add_to_existing(
def check_new_user_communication(current_monkey, success, message):
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
# If the monkey succeeded to create a user, then the test failed.
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,

11
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/data_endpoints.py
View File

@ -3,14 +3,13 @@ import json
import common.common_consts.zero_trust_consts as zero_trust_consts
from common.common_consts.network_consts import ES_SERVICE
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
def test_open_data_endpoints(telemetry_json):
def check_open_data_endpoints(telemetry_json):
services = telemetry_json["data"]["machine"]["services"]
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
found_http_server_status = zero_trust_consts.STATUS_PASSED
@ -56,16 +55,16 @@ def test_open_data_endpoints(telemetry_json):
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
))
AggregateFinding.create_or_add_to_existing(
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
status=found_http_server_status,
events=events
)
AggregateFinding.create_or_add_to_existing(
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
status=found_elastic_search_server,
events=events
)
add_malicious_activity_to_timeline(events)
MonkeyFindingService.add_malicious_activity_to_timeline(events)

0
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/known_anti_viruses.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/known_anti_viruses.py
View File

9
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/machine_exploited.py
View File

@ -1,10 +1,9 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
def check_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
events = [
Event.create_event(
title="Exploit attempt",
@ -30,10 +29,10 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
)
status = zero_trust_consts.STATUS_FAILED
AggregateFinding.create_or_add_to_existing(
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_MACHINE_EXPLOITED,
status=status,
events=events
)
add_malicious_activity_to_timeline(events)
MonkeyFindingService.add_malicious_activity_to_timeline(events)

4
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/segmentation.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
View File

@ -19,7 +19,7 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = \
"managed to communicate cross segment to {target_ip} (in segment {target_seg})."
def test_segmentation_violation(current_monkey, target_ip):
def check_segmentation_violation(current_monkey, target_ip):
# TODO - lower code duplication between this and report.py.
subnet_groups = get_config_network_segments_as_subnet_groups()
for subnet_group in subnet_groups:
@ -73,7 +73,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
)
def test_passed_findings_for_unreached_segments(current_monkey):
def check_passed_findings_for_unreached_segments(current_monkey):
flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist]
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)

4
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/test_segmentation_zt_tests.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/test_segmentation.py
View File

@ -6,7 +6,7 @@ from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.models.zero_trust.finding import Finding
from monkey_island.cc.models.zero_trust.segmentation_finding import \
SegmentationFinding
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
create_or_add_findings_for_all_pairs
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
@ -15,7 +15,7 @@ SECOND_SUBNET = "2.2.2.0/24"
THIRD_SUBNET = "3.3.3.3-3.3.3.200"
class TestSegmentationTests(IslandTestCase):
class TestSegmentationChecks(IslandTestCase):
def test_create_findings_for_all_done_pairs(self):
self.fail_if_not_testing_env()
self.clean_finding_db()

9
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py → monkey/monkey_island/cc/services/telemetry/zero_trust_checks/tunneling.py
View File

@ -1,13 +1,12 @@
import common.common_consts.zero_trust_consts as zero_trust_consts
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import (
AggregateFinding, add_malicious_activity_to_timeline)
from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.processing.utils import \
get_tunnel_host_ip_from_proxy_field
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
def test_tunneling_violation(tunnel_telemetry_json):
def check_tunneling_violation(tunnel_telemetry_json):
if tunnel_telemetry_json['data']['proxy'] is not None:
# Monkey is tunneling, create findings
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
@ -20,10 +19,10 @@ def test_tunneling_violation(tunnel_telemetry_json):
timestamp=tunnel_telemetry_json['timestamp']
)]
AggregateFinding.create_or_add_to_existing(
MonkeyFindingService.create_or_add_to_existing(
test=zero_trust_consts.TEST_TUNNELING,
status=zero_trust_consts.STATUS_FAILED,
events=tunneling_events
)
add_malicious_activity_to_timeline(tunneling_events)
MonkeyFindingService.add_malicious_activity_to_timeline(tunneling_events)