Commit Graph

6523 Commits

Author SHA1 Message Date
Shreya Malviya e3045c255a cc: Change variables from snake case to camel case for consistency 2021-10-11 18:02:17 +05:30
Shreya Malviya ee5585af75 cc: Modify T1086 reporting to segregate per category more efficiently 2021-10-11 17:59:54 +05:30
Shreya Malviya 748bca43e9 island: Fix eslint warnings (trailing comma and double quotes) 2021-10-11 17:46:33 +05:30
Shreya Malviya 5a4f66d080 CHANGELOG: Add entry for T1086 reporting changes 2021-10-11 17:40:52 +05:30
Shreya Malviya 363e42ad7b cc: Change wording for header of PBAs' table in T1086's report 2021-10-11 17:30:36 +05:30
Shreya Malviya 3b11637f16 island: Change mongo query to include 'Modify Shell Startup Files' PBA in T1086's report 2021-10-11 17:29:46 +05:30
Shreya Malviya 7fa917581c cc: Add another table for T1086 (PowerShell) used as PBAs 2021-10-11 17:21:40 +05:30
Shreya Malviya d82f61d524 island: Add telem category to data for T1086 reporting 2021-10-11 15:22:33 +05:30
Shreya Malviya 2b789fca90 island: Add mongo query for PBAs for T1086 reporting 2021-10-11 15:14:40 +05:30
Mike Salvatore 356b3475cd
Merge pull request #1516 from guardicore/encryption-code-quality-improvements
Encryption code quality improvements
2021-10-08 08:05:05 -04:00
Ilija Lazoroski 8cf8f931e1 UI: Update packages that caused vulnerabilites
ansi-regex moderate vulnerabilities are still
under review.
2021-10-08 08:00:38 -04:00
Ilija Lazoroski bc345f84c0 UI: Update ansi-regex 2021-10-08 08:00:38 -04:00
Mike Salvatore 97c3ed3b97 Island: Rename internal DataStoreEncryptor methods 2021-10-07 14:45:00 -04:00
Mike Salvatore 1a0a07d550 Island: Reduce duplication in data_store_encryptor 2021-10-07 14:40:52 -04:00
Mike Salvatore bdf485e014 Island: Rename data_store_encryptor initialization functions 2021-10-07 14:40:50 -04:00
Mike Salvatore 2d414a6f7d Island: Ensure old key files are deleted on reinitialization 2021-10-07 14:03:28 -04:00
Mike Salvatore ecf4efe11a
Merge pull request #1515 from guardicore/proxy-test
Fix proxy schema for tunneling
2021-10-07 10:25:43 -04:00
Ilija Lazoroski cd23eb2909 Agent: Reword note in control
Rewrite control set proxy UT, fix typo in httpfinger
2021-10-07 16:18:17 +02:00
VakarisZ 2d28c4e800 Zoo: fix the fullDocs.md by removing the outdated section about monkey configurations, add a sections about what to do with the island if you're a simple user 2021-10-07 16:56:10 +03:00
VakarisZ f7e0b4fef1 Zoo: add missing tunneling-12 image definition to terraform scripts 2021-10-07 13:55:48 +03:00
Ilija Lazoroski a8182cbb3d UT: Add test for settting agent proxy 2021-10-07 10:50:41 +02:00
Mike Salvatore 9ee00c3044 Tests: Reduce code duplication in test_data_store_encryptor.py 2021-10-06 12:45:54 -04:00
Mike Salvatore c3ea714977
Merge pull request #1514 from guardicore/pba-attack-telemetry
Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same
2021-10-06 12:12:28 -04:00
Ilija Lazoroski a11d1d5f1e Agent: Changed note message for proxy schema 2021-10-06 18:10:46 +02:00
Ilija Lazoroski 3f33bc4a41 Agent: Consistent format string for set proxy 2021-10-06 18:05:30 +02:00
Ilija Lazoroski 87b882cb45 Agent: Set proxy schema for different OS 2021-10-06 16:53:55 +02:00
Shreya Malviya 5be841d08a island: For ATT&CK techniques mapped to PBAs, consider hostname and IP
of the first entry in the PBA's results
2021-10-06 19:27:32 +05:30
Shreya Malviya f7e37b0767 CHANGELOG: Add entry for bugix that wrongly reported the "`.bash_profile` and `.bashrc`" technique 2021-10-06 19:27:29 +05:30
Mike Salvatore 8310204e66 Tests: Test InvalidCiphertextError 2021-10-06 09:51:03 -04:00
Shreya Malviya f347088412 CHANGELOG: Add entry for ATT&CK report telemetry bugfix 2021-10-06 16:05:58 +05:30
Shreya Malviya c51f80ea3a tests: Modify post breach telem's unit test 2021-10-06 15:58:23 +05:30
Shreya Malviya e4f5f08a66 island: Remove unneeded mongo queries in ATT&CK techniques maped to PBAs 2021-10-06 14:50:10 +05:30
Shreya Malviya 81252e2b6a island: When generating ATT&CK report for techniques mapped to PBAs, check telem event's OS and technique's relevant systems 2021-10-06 14:46:17 +05:30
Shreya Malviya cccdf7f6c3 agent: Send OS info in post breach telem 2021-10-06 14:42:26 +05:30
Ilija Lazoroski cafd983622 Agent: Change proxy scheme format to http 2021-10-06 10:24:41 +02:00
Mike Salvatore e673667b34 Tests: Mark all tests in test_data_store_encryptor as slow 2021-10-05 16:48:48 -04:00
Mike Salvatore 95221ef53a Island: Add reinitialize_datastore_encryptor() 2021-10-05 16:48:46 -04:00
Mike Salvatore c0b257127a Island: Implement DataStoreEncryptor as a class
This allows us to begin decoupling some implementation details from the
AuthenticationService.
2021-10-05 15:59:39 -04:00
Mike Salvatore c124db7880 Agent: Use different proxy scheme on Windows 2021-10-05 13:55:32 -04:00
Mike Salvatore 0eafc6613a Island: Flatten directory structure for "encryption" package 2021-10-05 12:37:05 -04:00
Mike Salvatore bf082d36ef Tests: Mark encryption tests as slow 2021-10-05 12:14:10 -04:00
Mike Salvatore e7fcf933b7 Island: Remove try/except from MimikatzResultsEncryptor.encrypt()
Catching this exception was a workaround for an issue that was resolved
in PR #1508.
2021-10-05 12:12:38 -04:00
Mike Salvatore 849ced2334 Tests: Improve telemetry_dal tests
* Reduce unnecessary mocking
* Remove defunct "mimikatz" field from mock telemetry
* Test encryption/decryption of all secret types for all users
2021-10-05 12:10:46 -04:00
Mike Salvatore 8f9289517f Tests: Decouple uses_encryptor() fixture from AuthenticationService 2021-10-05 11:52:33 -04:00
Mike Salvatore a24979155f Island: Improve logging in PasswordBasedBytesEncryptor 2021-10-05 11:52:33 -04:00
Mike Salvatore 5aa0506ce1 Island: Use relative imports inside encryption package 2021-10-05 11:52:33 -04:00
Mike Salvatore f65251ddde Island: Rename password_based_string_encrypt{i,}or.py 2021-10-05 11:52:33 -04:00
Mike Salvatore 4944947b10 Island: Rename password_based_bytes_encrypt{ion,or}.py 2021-10-05 11:52:33 -04:00
Ilija Lazoroski e80662f7f8 Agent: Check for empty result in Modify shell files 2021-10-05 10:39:50 -04:00
VakarisZ 0a4973a66e
Merge pull request #1512 from guardicore/mimikatz_collector_fix
Mimikatz collector fix
2021-10-05 17:17:39 +03:00