Commit Graph

6285 Commits

Author SHA1 Message Date
VakarisZ 3b5dd6ac3e Remove database initialization during island startup
Database initialization can not be done because island doesn't know the key needed for encrypting collections. Since the key only appears after registration, database setup also should happen only after registration
2021-10-04 14:23:50 +03:00
VakarisZ a2b09a9e7a Fix unit tests for data store encryptor 2021-10-04 14:21:07 +03:00
VakarisZ ea6fe37b44 Fix scoutsuite unit test to use updated datastore encryptor interface 2021-10-04 12:13:55 +03:00
VakarisZ 3ec26bcef8 Refactor data store encryptor to IEncryptor interface, move data store encryptor creation related code to data_store_encryptor.py, move the responsibility to initialize data store encryptor to AuthenticationService 2021-10-04 12:03:30 +03:00
VakarisZ 34d065ce69 Move encryptors into a separate folder
This separates encryptor classes from other encryption related infrastructure that we have in cc\server_utils\encryption
2021-10-04 11:09:42 +03:00
VakarisZ 9d6dc3b026 Move all encryptor building related code to encryptor_factory.py from data_store_encryptor.py 2021-10-01 17:33:55 +03:00
VakarisZ 26ba02a1d0 Refactor get_credentials_from_request to get_username_password_from_request
This better indicates that get_username_password_from_request returns a username/password pair rather than UserCreds structure
2021-10-01 15:33:46 +03:00
VakarisZ da169dddc9 Refactor DataStoreEncryptor by splitting up initialization related methods into EncryptorFactory
This makes encryptor initialization workflow more straightforward and the files become smaller, easier to read
2021-10-01 15:24:48 +03:00
VakarisZ b2bbb62bdd Add CHANGELOG.md entry for #1463 (Encrypt the database key with user's credentials.) 2021-10-01 12:48:08 +03:00
VakarisZ ddae09278e Refactor test_data_store_encryptor.py to use (path / to / file).isfile() syntax to check for presence of files 2021-10-01 12:44:05 +03:00
VakarisZ 4cbed6dce9 Fix typos and rename files/classes related to data store encryptor. Change PasswordBasedBytesEncryptor interface to use bytes instead of io.BytesIO 2021-10-01 12:34:21 +03:00
VakarisZ e280c4fb5a Move data store encryptor secret generation into the data store encryptor from credential_utils.py 2021-10-01 11:58:32 +03:00
VakarisZ f97ec4e9ed Implement data store encryptor key removal on registration and unit tests for data store encryptor
Data store key needs to be deleted upon registration to create a new one.
2021-10-01 11:26:43 +03:00
VakarisZ 4f176939bb Split up the initialization of mongo_key into 2 parts: directory of mongo key initialization that happens during launch and initialization of key which happens after login or registration 2021-09-30 17:16:06 +03:00
VakarisZ fd1cb9d36d Add a secret to datastore encryptor
This change enables the encryption/decryption of mongo key with a custom secret
2021-09-30 17:16:05 +03:00
VakarisZ 191fbea665 Refactor password based encryptor into PasswordBasedStringEncryptor and PasswordBasedByteEncryptor
This change allows to encrypt strings and bytes without any additional conversion done on the caller
2021-09-30 17:16:04 +03:00
VakarisZ f387595104
Merge pull request #1495 from guardicore/delay-mongo-init
Delay mongo init to after registration
2021-09-29 17:03:12 +03:00
VakarisZ 7939ed4739 Alter the log message talking about storing the mitigations: remove the part saying that it will take a while 2021-09-29 17:02:34 +03:00
VakarisZ 579ebf4a0f Alter registration page to show loading icon while registration request is being processed 2021-09-29 16:45:28 +03:00
VakarisZ c211d51d8c Move database reset to happen during the registration 2021-09-29 16:45:28 +03:00
VakarisZ b73958dd55 Rename the CHANGELOG.md entry about resetting login credentials to "Resetting login credentials also cleans the contents of the database. #1495" 2021-09-29 16:45:26 +03:00
Shreya Malviya ab7872d103 CHANGELOG: Add entry for delaying mongo init 2021-09-29 16:44:42 +03:00
Shreya Malviya 2cbaf954e1 docs: Fix spelling mistake 2021-09-29 16:44:16 +03:00
Shreya Malviya 1e02ab6d2b docs: Add warning that DB will be cleared if creds are reset 2021-09-29 16:44:16 +03:00
Shreya Malviya 6fe4d6cb31 island: Drop mongo db when registration requirement is realised instead
of when registration request is sent

The issue with this whole change is that there's a long gap where
nothing happens after you click on the log in or register button on the
UI.

But we don't need to worry about this because we plan on shipping
Island's mongodb with attack mitigations already present.
2021-09-29 16:44:16 +03:00
Shreya Malviya 340dd1f94b island: Drop mongo db if registration is required 2021-09-29 16:44:16 +03:00
Shreya Malviya 194e244080 island: On login, check if collection 'attack_mitigations' is present in DB,
add if not
2021-09-29 16:44:16 +03:00
Shreya Malviya 3cbeb3dbf7 island: Add attack mitigations to mongo upon registration 2021-09-29 16:44:15 +03:00
Mike Salvatore 51f179c145
Merge pull request #1494 from guardicore/1415/add-ransomware-report-links
1415/add ransomware report links
2021-09-29 08:51:08 -04:00
VakarisZ b791ee16e1
Merge pull request #1501 from guardicore/tunneling-revert-schema
Changed proxy schema for the agent
2021-09-29 10:54:03 +03:00
ilija-lazoroski a5587cd4ad
Merge pull request #1489 from guardicore/1462/powershell-re-use
PowerShell re-use credentials and second hop
2021-09-28 17:57:52 +02:00
Ilija Lazoroski a438f3afb0 Zoo: Replace --os with --skip-powershell-reuse
With this logic the powershell cached will run
if we don't provide the cli param --skip-powershell-reuse.
2021-09-28 17:31:20 +02:00
Ilija Lazoroski 449fe7517e Agent: Changed proxy schema 2021-09-28 16:21:19 +02:00
Mike Salvatore 0839f04b1d
Merge pull request #1483 from guardicore/incorrect-attack-report-msgs
Fix incorrect ATT&CK report messages
2021-09-28 07:24:17 -04:00
VakarisZ beafc0bf9e
Merge pull request #1493 from guardicore/credential_duplication_fix
Duplicate credentials in system info telem
2021-09-28 13:49:21 +03:00
VakarisZ d240427ce2 Remove mimikatz field from sensitive fields in telemetries since telemetries no longer contain such key 2021-09-28 13:09:06 +03:00
VakarisZ 27e2969e79 Remove the unnecessary "mimikatz" info from telemetry data since the exact same data is stored under "credentials" key 2021-09-28 13:03:10 +03:00
VakarisZ e40c83c2ff
Merge pull request #1485 from guardicore/telemetry_encryption
Telemetry encryption in database
2021-09-28 12:18:12 +03:00
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ d79892427b Moved credential encryption in mongo CHANGELOG.md entry from Fixes to Security 2021-09-28 11:04:42 +03:00
VakarisZ a24eb841c1 Extract DAL interface for report model into a separate report_dal.py file 2021-09-28 11:04:42 +03:00
VakarisZ 1160ac6af0 Refactor dictionary and sensitive mongo field encryption by moving it to server_utils/encryption 2021-09-28 11:04:42 +03:00
Shreya Malviya cb4b845eaf tests: Fix unit test (remove 'The'; see previous commit) 2021-09-28 12:08:11 +05:30
Shreya Malviya e5b9f96447 island: Remove 'The' from text to be shown in report, for consistency 2021-09-28 12:08:10 +05:30
Shreya Malviya 6def66cfaf island: Move class variable `config_schema_per_attack_technique` to the
top of its class `AttackTechnique`
2021-09-28 12:08:10 +05:30
Mike Salvatore 67262e19d1
Merge pull request #1492 from guardicore/1484/faq-network-limitations
docs: Add faq for limiting monkey propagation
2021-09-27 14:30:57 -04:00
MarketingYeti 4b0bed8267 Docs: Edits to monkey propagation FAQ section 2021-09-27 14:29:10 -04:00
Mike Salvatore e67066dd0d UI: Add external link icon to Ransomware report 2021-09-27 14:20:04 -04:00
Mike Salvatore 7d9386c266 UI: Add ExternalLink React element 2021-09-27 14:19:55 -04:00
Mike Salvatore cc531a98ae UI: Add link to Guardicore blog in ransomware Attack section 2021-09-27 13:42:52 -04:00