Commit Graph

6485 Commits

Author SHA1 Message Date
Shreya Malviya 7bdbdb1bfb island: Go through internal config when generating reverse schema for unscanned attack techniques' reasons 2021-10-14 14:21:50 +05:30
Shreya Malviya 80811334d7 island: Reword message for unscanned attack techniques 2021-10-14 14:21:50 +05:30
Shreya Malviya 462b20f587 island: Add related attack techniques to internal config values 'exploit_ntlm_hash_list' and 'exploit_lm_hash_list' 2021-10-14 14:21:49 +05:30
Shreya Malviya a9e0325b07
Merge pull request #1522 from guardicore/update-t1086-reporting
Update T1086 (PowerShell) reporting to include PBA results
2021-10-14 13:12:49 +05:30
Shreya Malviya cff393fa63 island: Simplify tables' titles in T1086 report 2021-10-14 12:54:21 +05:30
Ilija Lazoroski c3fb5ae441 UI: Change datatable for telemetries
Used MUIDataTable instead of DataTable from
react-data-components.
The above package is deleted as it is not used
anywhere else.
2021-10-13 23:20:25 +02:00
Mike Salvatore 67a7fb66c5 Docs: Fix numbering in password reset FAQ 2021-10-13 13:35:39 -04:00
Mike Salvatore 65f5189eb1 Docs: Fix broken "data directory" links in FAQ 2021-10-13 13:27:36 -04:00
Shreya Malviya 82eea6a845 cc: Change wording for T1086 reporting 2021-10-13 13:41:29 +05:30
Shreya Malviya effd9dd957 island: Modify mongo query so 'Account Discovery' PBA also gets reported in T1086 2021-10-13 13:41:22 +05:30
Ilija Lazoroski b404f75a34 UI: Fix telemetry filter 2021-10-12 13:37:42 +02:00
Mike Salvatore 8519edbbd2 Island: Explicitly handle path/string conversion in DataStoreEncryptor 2021-10-12 07:28:36 -04:00
Shreya Malviya e3045c255a cc: Change variables from snake case to camel case for consistency 2021-10-11 18:02:17 +05:30
Shreya Malviya ee5585af75 cc: Modify T1086 reporting to segregate per category more efficiently 2021-10-11 17:59:54 +05:30
Shreya Malviya 748bca43e9 island: Fix eslint warnings (trailing comma and double quotes) 2021-10-11 17:46:33 +05:30
Shreya Malviya 5a4f66d080 CHANGELOG: Add entry for T1086 reporting changes 2021-10-11 17:40:52 +05:30
Shreya Malviya 363e42ad7b cc: Change wording for header of PBAs' table in T1086's report 2021-10-11 17:30:36 +05:30
Shreya Malviya 3b11637f16 island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report 2021-10-11 17:29:46 +05:30
Shreya Malviya 7fa917581c cc: Add another table for T1086 (PowerShell) used as PBAs 2021-10-11 17:21:40 +05:30
Shreya Malviya d82f61d524 island: Add telem category to data for T1086 reporting 2021-10-11 15:22:33 +05:30
Shreya Malviya 2b789fca90 island: Add mongo query for PBAs for T1086 reporting 2021-10-11 15:14:40 +05:30
Mike Salvatore 356b3475cd
Merge pull request #1516 from guardicore/encryption-code-quality-improvements
Encryption code quality improvements
2021-10-08 08:05:05 -04:00
Ilija Lazoroski 8cf8f931e1 UI: Update packages that caused vulnerabilities
ansi-regex moderate vulnerabilities are still
under review.
2021-10-08 08:00:38 -04:00
Ilija Lazoroski bc345f84c0 UI: Update ansi-regex 2021-10-08 08:00:38 -04:00
Mike Salvatore 97c3ed3b97 Island: Rename internal DataStoreEncryptor methods 2021-10-07 14:45:00 -04:00
Mike Salvatore 1a0a07d550 Island: Reduce duplication in data_store_encryptor 2021-10-07 14:40:52 -04:00
Mike Salvatore bdf485e014 Island: Rename data_store_encryptor initialization functions 2021-10-07 14:40:50 -04:00
Mike Salvatore 2d414a6f7d Island: Ensure old key files are deleted on reinitialization 2021-10-07 14:03:28 -04:00
Mike Salvatore ecf4efe11a
Merge pull request #1515 from guardicore/proxy-test
Fix proxy schema for tunneling
2021-10-07 10:25:43 -04:00
Ilija Lazoroski cd23eb2909 Agent: Reword note in control
Rewrite control set proxy UT, fix typo in httpfinger
2021-10-07 16:18:17 +02:00
VakarisZ 2d28c4e800 Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a section about what to do with the island if you're a simple user 2021-10-07 16:56:10 +03:00
VakarisZ f7e0b4fef1 Zoo: add missing tunneling-12 image definition to terraform scripts 2021-10-07 13:55:48 +03:00
Ilija Lazoroski a8182cbb3d UT: Add test for setting agent proxy 2021-10-07 10:50:41 +02:00
Mike Salvatore 9ee00c3044 Tests: Reduce code duplication in test_data_store_encryptor.py 2021-10-06 12:45:54 -04:00
Mike Salvatore c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski a11d1d5f1e Agent: Changed note message for proxy schema 2021-10-06 18:10:46 +02:00
Ilija Lazoroski 3f33bc4a41 Agent: Consistent format string for set proxy 2021-10-06 18:05:30 +02:00
Ilija Lazoroski 87b882cb45 Agent: Set proxy schema for different OS 2021-10-06 16:53:55 +02:00
Shreya Malviya 5be841d08a island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya f7e37b0767 CHANGELOG: Add entry for bugfix that wrongly reported the "`.bash_profile` and `.bashrc`" technique 2021-10-06 19:27:29 +05:30
Mike Salvatore 8310204e66 Tests: Test InvalidCiphertextError 2021-10-06 09:51:03 -04:00
Shreya Malviya f347088412 CHANGELOG: Add entry for ATT&CK report telemetry bugfix 2021-10-06 16:05:58 +05:30
Shreya Malviya c51f80ea3a tests: Modify post breach telem's unit test 2021-10-06 15:58:23 +05:30
Shreya Malviya e4f5f08a66 island: Remove unneeded mongo queries in ATT&CK techniques mapped to PBAs 2021-10-06 14:50:10 +05:30
Shreya Malviya 81252e2b6a island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems 2021-10-06 14:46:17 +05:30
Shreya Malviya cccdf7f6c3 agent: Send OS info in post breach telem 2021-10-06 14:42:26 +05:30
Ilija Lazoroski cafd983622 Agent: Change proxy scheme format to http 2021-10-06 10:24:41 +02:00
Mike Salvatore e673667b34 Tests: Mark all tests in test_data_store_encryptor as slow 2021-10-05 16:48:48 -04:00
Mike Salvatore 95221ef53a Island: Add reinitialize_datastore_encryptor() 2021-10-05 16:48:46 -04:00
Mike Salvatore c0b257127a Island: Implement DataStoreEncryptor as a class
This allows us to begin decoupling some implementation details from the
AuthenticationService.
2021-10-05 15:59:39 -04:00