Add attack telemetries to feed and preprocessing dicts

Fix 1197 report processing

monkey/monkey_island/cc/resources/telemetry.py

@@ -263,6 +263,12 @@ class Telemetry(flask_restful.Resource):
             {'guid': telemetry_json['monkey_guid']},
             {'$push': {'pba_results': telemetry_json['data']}})
 
+    @staticmethod
+    def process_attack_telemetry(telemetry_json):
+        # No processing required
+        pass
+
+
 TELEM_PROCESS_DICT = \
     {
         'tunnel': Telemetry.process_tunnel_telemetry,
@@ -271,5 +277,6 @@ TELEM_PROCESS_DICT = \
         'scan': Telemetry.process_scan_telemetry,
         'system_info_collection': Telemetry.process_system_info_telemetry,
         'trace': Telemetry.process_trace_telemetry,
-        'post_breach': Telemetry.process_post_breach_telemetry
+        'post_breach': Telemetry.process_post_breach_telemetry,
+        'attack': Telemetry.process_attack_telemetry
     }

monkey/monkey_island/cc/resources/telemetry_feed.py

@@ -86,6 +86,10 @@ class TelemetryFeed(flask_restful.Resource):
                                                                       telem['data']['hostname'],
                                                                       telem['data']['ip'])
 
+    @staticmethod
+    def get_attack_telem_brief(telem):
+        return 'Monkey collected MITRE ATT&CK info.'
+
 
 TELEM_PROCESS_DICT = \
     {
@@ -95,5 +99,6 @@ TELEM_PROCESS_DICT = \
         'scan': TelemetryFeed.get_scan_telem_brief,
         'system_info_collection': TelemetryFeed.get_systeminfo_telem_brief,
         'trace': TelemetryFeed.get_trace_telem_brief,
-        'post_breach': TelemetryFeed.get_post_breach_telem_brief
+        'post_breach': TelemetryFeed.get_post_breach_telem_brief,
+        'attack': TelemetryFeed.get_attack_telem_brief
     }

monkey/monkey_island/cc/services/attack/technique_reports/T1197.py

@@ -13,12 +13,12 @@ class T1197(AttackTechnique):
     @staticmethod
     def get_report_data():
         data = T1197.get_tech_base_data(T1197)
-        bits_results = mongo.db.attack_results.aggregate([{'$match': {'technique': T1197.tech_id}},
+        bits_results = mongo.db.telemetry.aggregate([{'$match': {'telem_type': 'attack', 'data.technique': T1197.tech_id}},
-                                                          {'$group': {'_id': {'ip_addr': '$machine.ip_addr', 'usage': '$usage'},
+                                                          {'$group': {'_id': {'ip_addr': '$data.machine.ip_addr', 'usage': '$data.usage'},
-                                                                      'ip_addr': {'$first': '$machine.ip_addr'},
+                                                                      'ip_addr': {'$first': '$data.machine.ip_addr'},
-                                                                      'domain_name': {'$first': '$machine.domain_name'},
+                                                                      'domain_name': {'$first': '$data.machine.domain_name'},
-                                                                      'usage': {'$first': '$usage'},
+                                                                      'usage': {'$first': '$data.usage'},
-                                                                      'time': {'$first': '$time'}}
+                                                                      'time': {'$first': '$timestamp'}}
                                                            }])
         bits_results = list(bits_results)
         data.update({'bits_jobs': bits_results})

monkey/monkey_island/cc/services/attack/technique_reports/__init__.py

@@ -53,9 +53,9 @@ class AttackTechnique(object):
         :param technique: technique's id.
         :return: ScanStatus Enum object
         """
-        if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}):
+        if mongo.db.telemetry.find_one({'telem_type': 'attack', 'data.status': ScanStatus.USED.value, 'data.technique': technique}):
             return ScanStatus.USED
-        elif mongo.db.attack_results.find_one({'status': ScanStatus.SCANNED.value, 'technique': technique}):
+        elif mongo.db.telemetry.find_one({'telem_type': 'attack', 'data.status': ScanStatus.SCANNED.value, 'data.technique': technique}):
             return ScanStatus.SCANNED
         else:
             return ScanStatus.UNSCANNED