UI: Display encrypted file paths in ransomware report table

monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js

@@ -22,6 +22,7 @@ class ReportPageComponent extends AuthComponent {
       attackReport: {},
       zeroTrustReport: {},
       ransomwareReport: {},
+      ransomwareTelemetry: {},
       allMonkeysAreDead: false,
       runStarted: true,
       selectedSection: ReportPageComponent.selectReport(this.sections),
@@ -67,6 +68,13 @@ class ReportPageComponent extends AuthComponent {
             ransomwareReport: res
           });
         });
+      this.authFetch('/api/telemetry?telem_category=file_encryption')
+        .then(res => res.json())
+        .then(res => {
+          this.setState({
+            ransomwareTelemetry: res
+          });
+        });
     }
   }
 
@@ -156,7 +164,12 @@ class ReportPageComponent extends AuthComponent {
       case 'zeroTrust':
         return (<ZeroTrustReport report={this.state.zeroTrustReport}/>);
       case 'ransomware':
-        return (<RansomwareReport report={this.state.ransomwareReport}/>);
+        return (
+          <RansomwareReport
+            report={this.state.ransomwareReport}
+            telemetry={this.state.ransomwareTelemetry}
+          />
+        );
     }
   }
 

monkey/monkey_island/cc/ui/src/components/report-components/RansomwareReport.js

@@ -19,7 +19,7 @@ class RansomwareReport extends React.Component {
       <div>
         <BreachSection/>
         <LateralMovement propagationStats={this.props.report.propagation_stats} />
-        <FileEncryptionTable tableData={this.props.report.encrypted_files_table} />
+        <FileEncryptionTable telemetry={this.props.telemetry} />
       </div>
     )
   }

monkey/monkey_island/cc/ui/src/components/report-components/ransomware/FileEncryptionTable.tsx

@@ -1,25 +1,36 @@
 import React from 'react';
 import ReactTable from 'react-table';
-import {renderArray} from '../common/RenderArrays';
 
 
 type Props = {
-  tableData: [TableRow]
+  telemetry: object,
 }
 
 type TableRow = {
-  exploits: [string],
+  hostname: string,
-  total_attempts: number,
+  file_path: number,
-  successful_encryptions: number,
-  hostname: string
 }
 
-const pageSize = 10;
+const PAGE_SIZE = 10;
-
+const HOSTNAME_REGEX = /^(.* - )?(\S+) :.*$/
+const columns = [
+  {
+    Header: 'Encrypted Files',
+    columns: [
+      {Header: 'Host', id: 'host', accessor: x => x.hostname},
+      {Header: 'File Path', id: 'file_path', accessor: x => x.file_path},
+      {Header: 'Encryption Algorithm',
+        id: 'encryption_algorithm',
+        accessor: () => {return 'Bit Flip'}}
+    ]
+  }
+];
 
 const FileEncryptionTable = (props: Props) => {
-  let defaultPageSize = props.tableData.length > pageSize ? pageSize : props.tableData.length;
+  let tableData = processTelemetry(props.telemetry);
-  let showPagination = props.tableData.length > pageSize;
+  let defaultPageSize = tableData.length > PAGE_SIZE ? PAGE_SIZE : tableData.length;
+  let showPagination = tableData.length > PAGE_SIZE;
+
   return (
     <>
       <h3 className={'report-section-header'}>
@@ -28,7 +39,7 @@ const FileEncryptionTable = (props: Props) => {
       <div className="data-table-container">
         <ReactTable
           columns={columns}
-          data={props.tableData}
+          data={tableData}
           showPagination={showPagination}
           defaultPageSize={defaultPageSize}
         />
@@ -37,30 +48,61 @@ const FileEncryptionTable = (props: Props) => {
   );
 }
 
-const columns = [
+function processTelemetry(telemetry): Array<TableRow> {
-  {
+  // Sort ascending so that newer telemetry records overwrite older ones.
-    Header: 'Ransomware info',
+  sortTelemetry(telemetry);
-    columns: [
-      {Header: 'Machine', id: 'machine', accessor: x => x.hostname},
-      {Header: 'Exploits', id: 'exploits', accessor: x => renderArray(x.exploits)},
-      {Header: 'Files encrypted',
-        id: 'files_encrypted',
-        accessor: x => renderFileEncryptionStats(x.successful_encryptions, x.total_attempts)}
-    ]
-  }
-];
 
-function renderFileEncryptionStats(successful: number, total: number) {
+  let latestTelemetry = getLatestTelemetry(telemetry);
-  let textClassName = ''
+  let tableData = getDataForTable(latestTelemetry);
 
-  if(successful > 0) {
+  return tableData;
-      textClassName = 'text-danger'
-  } else {
-      textClassName = 'text-dark'
 }
 
-  return (<p className={textClassName}>{successful} out of {total}</p>);
+function sortTelemetry(telemetry): void {
+  telemetry.objects.sort((a, b) => {
+    if (a.timestamp > b.timestamp) {
+      return 1;
+    } else if (a.timestamp > b.timestamp) {
+      return -1;
     }
 
+    return 0;
+  });
+}
+
+function getLatestTelemetry(telemetry) {
+  let latestTelemetry = {};
+  for (let i = 0; i < telemetry.objects.length; i++) {
+    let monkey = telemetry.objects[i].monkey
+
+    if (! (monkey in latestTelemetry)) {
+      latestTelemetry[monkey] = {};
+    }
+
+    telemetry.objects[i].data.files.forEach((file_encryption_telemetry) => {
+      latestTelemetry[monkey][file_encryption_telemetry.path] = file_encryption_telemetry.success
+    });
+  }
+
+  return latestTelemetry
+}
+
+function getDataForTable(telemetry): Array<TableRow> {
+  let tableData = [];
+
+  for (const monkey in telemetry) {
+    for (const path in telemetry[monkey]) {
+      if (telemetry[monkey][path]) {
+        tableData.push({'hostname': parseHostname(monkey), 'file_path': path});
+      }
+    }
+  }
+
+  return tableData;
+}
+
+function parseHostname(monkey) {
+    return monkey.match(HOSTNAME_REGEX)[2]
+}
 
 export default FileEncryptionTable;