Island: Change config schema for process list collection
parent
4839f099a4
commit
a8059f021a
@ -94,5 +94,13 @@ POST_BREACH_ACTIONS = {
|
||||||
"info": "Attempts to clear the command history.",
|
"info": "Attempts to clear the command history.",
|
||||||
"attack_techniques": ["T1146"],
|
"attack_techniques": ["T1146"],
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"type": "string",
|
||||||
|
"enum": ["ProcessListCollection"],
|
||||||
|
"title": "Process List Collector",
|
||||||
|
"safe": True,
|
||||||
|
"info": "Collects a list of running processes on the machine.",
|
||||||
|
"attack_techniques": ["T1082"],
|
||||||
|
},
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
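Review bot: The new post-breach action name is spelled out as the bare literal `"ProcessListCollection"` in the `enum` here and again in the MONKEY default list hunk (`@ -71,6 +70,7 @@`), whereas the system-info definition it replaces referenced the shared `PROCESS_LIST_COLLECTOR` constant, so a typo in either place (or drift from the agent-side PBA class name) would surface only as a schema-validation failure at configuration time rather than at import time. If `PROCESS_LIST_COLLECTOR` in `common.common_consts.system_info_collectors_names` still carries this value after the commit, referencing it from both locations (`"enum": [PROCESS_LIST_COLLECTOR],`) or deleting the now-unreferenced constant would keep the two from diverging. The ATT&CK mapping is carried over unchanged: T1082 is System Information Discovery, while enumerating running processes is normally tagged T1057 (Process Discovery) — worth confirming against how the report groups these techniques before changing it.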
|
|
|
@ -1,6 +1,5 @@
|
||||||
from common.common_consts.system_info_collectors_names import (
|
from common.common_consts.system_info_collectors_names import (
|
||||||
MIMIKATZ_COLLECTOR,
|
MIMIKATZ_COLLECTOR,
|
||||||
PROCESS_LIST_COLLECTOR,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
SYSTEM_INFO_COLLECTOR_CLASSES = {
|
SYSTEM_INFO_COLLECTOR_CLASSES = {
|
||||||
|
@ -16,13 +15,5 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
|
||||||
"info": "Collects credentials from Windows credential manager.",
|
"info": "Collects credentials from Windows credential manager.",
|
||||||
"attack_techniques": ["T1003", "T1005"],
|
"attack_techniques": ["T1003", "T1005"],
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"type": "string",
|
|
||||||
"enum": [PROCESS_LIST_COLLECTOR],
|
|
||||||
"title": "Process List Collector",
|
|
||||||
"safe": True,
|
|
||||||
"info": "Collects a list of running processes on the machine.",
|
|
||||||
"attack_techniques": ["T1082"],
|
|
||||||
},
|
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
from common.common_consts.system_info_collectors_names import (
|
from common.common_consts.system_info_collectors_names import (
|
||||||
MIMIKATZ_COLLECTOR,
|
MIMIKATZ_COLLECTOR,
|
||||||
PROCESS_LIST_COLLECTOR,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
MONKEY = {
|
MONKEY = {
|
||||||
|
@ -71,6 +70,7 @@ MONKEY = {
|
||||||
"ScheduleJobs",
|
"ScheduleJobs",
|
||||||
"Timestomping",
|
"Timestomping",
|
||||||
"AccountDiscovery",
|
"AccountDiscovery",
|
||||||
|
"ProcessListCollection",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -85,7 +85,6 @@ MONKEY = {
|
||||||
"uniqueItems": True,
|
"uniqueItems": True,
|
||||||
"items": {"$ref": "#/definitions/system_info_collector_classes"},
|
"items": {"$ref": "#/definitions/system_info_collector_classes"},
|
||||||
"default": [
|
"default": [
|
||||||
PROCESS_LIST_COLLECTOR,
|
|
||||||
MIMIKATZ_COLLECTOR,
|
MIMIKATZ_COLLECTOR,
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,16 +1,13 @@
|
||||||
import logging
|
import logging
|
||||||
import typing
|
import typing
|
||||||
|
|
||||||
from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
|
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (
|
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (
|
||||||
check_antivirus_existence,
|
check_antivirus_existence,
|
||||||
)
|
)
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
|
SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {}
|
||||||
PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
class SystemInfoTelemetryDispatcher(object):
|
class SystemInfoTelemetryDispatcher(object):
|
||||||
|
|
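Review bot: With the `PROCESS_LIST_COLLECTOR: [check_antivirus_existence]` entry removed, `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` is now an empty dict, so nothing in this module still routes process-list telemetry to the antivirus-existence zero-trust check; unless the post-breach telemetry path now calls `check_antivirus_existence` for the new PBA (not visible in this commit), that finding silently stops being produced. The `check_antivirus_existence` import is kept but has no remaining reference inside the hunk; `SystemInfoTelemetryDispatcher` continues below the hunk, so if its body does not use it either the import is dead and should go. If the empty mapping is intentional, a one-line comment such as `# Empty: process-list collection is now a post-breach action; its telemetry is processed elsewhere` would stop the next reader from assuming the dispatcher is broken.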