diff --git a/monkey/common/common_consts/telem_categories.py b/monkey/common/common_consts/telem_categories.py index 669b2379c..0697fd4f7 100644 --- a/monkey/common/common_consts/telem_categories.py +++ b/monkey/common/common_consts/telem_categories.py @@ -8,4 +8,3 @@ class TelemCategoryEnum: SCAN = "scan" STATE = "state" TRACE = "trace" - TUNNEL = "tunnel" diff --git a/monkey/monkey_island/cc/resources/telemetry_feed.py b/monkey/monkey_island/cc/resources/telemetry_feed.py index 9087e2b97..feb408ae0 100644 --- a/monkey/monkey_island/cc/resources/telemetry_feed.py +++ b/monkey/monkey_island/cc/resources/telemetry_feed.py @@ -64,16 +64,6 @@ class TelemetryFeed(AbstractResource): def get_telem_brief_parser_by_category(telem_category): return TELEM_PROCESS_DICT[telem_category] - @staticmethod - def get_tunnel_telem_brief(telem): - tunnel = telem["data"]["proxy"] - if tunnel is None: - return "No tunnel is used." - else: - tunnel_host_ip = tunnel.split(":")[-2].replace("//", "") - tunnel_host = NodeService.get_monkey_by_ip(tunnel_host_ip)["hostname"] - return "Tunnel set up to machine: %s." % tunnel_host - @staticmethod def get_state_telem_brief(telem): if telem["data"]["done"]: @@ -132,7 +122,6 @@ TELEM_PROCESS_DICT = { TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief, TelemCategoryEnum.STATE: TelemetryFeed.get_state_telem_brief, TelemCategoryEnum.TRACE: TelemetryFeed.get_trace_telem_brief, - TelemCategoryEnum.TUNNEL: TelemetryFeed.get_tunnel_telem_brief, } diff --git a/monkey/monkey_island/cc/services/telemetry/processing/processing.py b/monkey/monkey_island/cc/services/telemetry/processing/processing.py index 557dbff7f..f3550077f 100644 --- a/monkey/monkey_island/cc/services/telemetry/processing/processing.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/processing.py 
@@ -8,7 +8,6 @@ from monkey_island.cc.services.telemetry.processing.exploit import process_explo from monkey_island.cc.services.telemetry.processing.post_breach import process_post_breach_telemetry from monkey_island.cc.services.telemetry.processing.scan import process_scan_telemetry from monkey_island.cc.services.telemetry.processing.state import process_state_telemetry -from monkey_island.cc.services.telemetry.processing.tunnel import process_tunnel_telemetry logger = logging.getLogger(__name__) @@ -22,7 +21,6 @@ TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = { TelemCategoryEnum.SCAN: process_scan_telemetry, TelemCategoryEnum.STATE: process_state_telemetry, TelemCategoryEnum.TRACE: lambda *args, **kwargs: None, - TelemCategoryEnum.TUNNEL: process_tunnel_telemetry, } # Don't save credential telemetries in telemetries collection. diff --git a/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py b/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py deleted file mode 100644 index 6bd1fd711..000000000 --- a/monkey/monkey_island/cc/services/telemetry/processing/tunnel.py +++ /dev/null @@ -1,15 +0,0 @@ -from monkey_island.cc.services.node import NodeService -from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field -from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import ( - check_tunneling_violation, -) - - -def process_tunnel_telemetry(telemetry_json, _): - check_tunneling_violation(telemetry_json) - monkey_id = NodeService.get_monkey_by_guid(telemetry_json["monkey_guid"])["_id"] - if telemetry_json["data"]["proxy"] is not None: - tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json) - NodeService.set_monkey_tunnel(monkey_id, tunnel_host_ip) - else: - NodeService.unset_all_monkey_tunnels(monkey_id) diff --git a/monkey/monkey_island/cc/services/telemetry/processing/utils.py b/monkey/monkey_island/cc/services/telemetry/processing/utils.py index ffa6960f6..30487593a 100644 
--- a/monkey/monkey_island/cc/services/telemetry/processing/utils.py +++ b/monkey/monkey_island/cc/services/telemetry/processing/utils.py @@ -14,8 +14,3 @@ def get_edge_by_scan_or_exploit_telemetry(telemetry_json): dst_label = NodeService.get_label_for_endpoint(dst_node["_id"]) return EdgeService.get_or_create_edge(src_monkey["_id"], dst_node["_id"], src_label, dst_label) - - -def get_tunnel_host_ip_from_proxy_field(telemetry_json): - tunnel_host_ip = telemetry_json["data"]["proxy"].split(":")[-2].replace("//", "") - return tunnel_host_ip diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/tunneling.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/tunneling.py deleted file mode 100644 index 092fd67e2..000000000 --- a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/tunneling.py +++ /dev/null 
@@ -1,32 +0,0 @@
-import common.common_consts.zero_trust_consts as zero_trust_consts
-from monkey_island.cc.models import Monkey
-from monkey_island.cc.models.zero_trust.event import Event
-from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field
-from monkey_island.cc.services.zero_trust.monkey_findings.monkey_zt_finding_service import (
- MonkeyZTFindingService,
-)
-
-
-def check_tunneling_violation(tunnel_telemetry_json):
- if tunnel_telemetry_json["data"]["proxy"] is not None:
- # Monkey is tunneling, create findings
- tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
- current_monkey = Monkey.get_single_monkey_by_guid(tunnel_telemetry_json["monkey_guid"])
- tunneling_events = [
- Event.create_event(
- title="Tunneling event",
- message="Monkey on {hostname} tunneled traffic through {proxy}.".format(
- hostname=current_monkey.hostname, proxy=tunnel_host_ip
- ),
- event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK,
- timestamp=tunnel_telemetry_json["timestamp"],
- )
- ]
-
- MonkeyZTFindingService.create_or_add_to_existing(
- test=zero_trust_consts.TEST_TUNNELING,
- status=zero_trust_consts.STATUS_FAILED,
- events=tunneling_events,
- )
-
- MonkeyZTFindingService.add_malicious_activity_to_timeline(tunneling_events)