Agent: Use frozenset for zerologon event tags

Ilija Lazoroski 2022-08-17 13:45:13 +02:00
parent 74b9dd58fc
commit 69e1f21312
1 changed files with 8 additions and 6 deletions


@ -36,11 +36,13 @@ T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098" T1098_ATTACK_TECHNIQUE_TAG = "attack-t1098"
ZEROLOGON_EVENT_TAGS = { ZEROLOGON_EVENT_TAGS = frozenset(
{
ZEROLOGON_EXPLOITER_TAG, ZEROLOGON_EXPLOITER_TAG,
T1003_ATTACK_TECHNIQUE_TAG, T1003_ATTACK_TECHNIQUE_TAG,
T1098_ATTACK_TECHNIQUE_TAG, T1098_ATTACK_TECHNIQUE_TAG,
} }
)
class ZerologonExploiter(HostExploiter): class ZerologonExploiter(HostExploiter):
@ -306,7 +308,7 @@ class ZerologonExploiter(HostExploiter):
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]): def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
credentials_stolen_event = CredentialsStolenEvent( credentials_stolen_event = CredentialsStolenEvent(
tags=(ZEROLOGON_EVENT_TAGS), tags=ZEROLOGON_EVENT_TAGS,
stolen_credentials=extracted_credentials, stolen_credentials=extracted_credentials,
) )
self.event_queue.publish(credentials_stolen_event) self.event_queue.publish(credentials_stolen_event)
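Review bot: The new `ZEROLOGON_EVENT_TAGS = frozenset(` definition carries no annotation or comment saying why the constant is frozen, so the intent is recoverable only from the commit title. I would annotate it and add a one-line comment above it, for example `# Frozen so that events receiving these tags cannot mutate the shared constant` followed by `ZEROLOGON_EVENT_TAGS: FrozenSet[str] = frozenset(`, assuming `FrozenSet` is or can be imported from `typing` in this module; the imports are not visible here. Only the `CredentialsStolenEvent` call site appears in this section, so any other use of the constant elsewhere in the file that relied on set mutation (`.add`, `|=`) would need checking against the new type. `_publish_credentials_stolen_event` may continue past the last line shown.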