Refactor PBA report data code

Only with T1158 for now

monkey/monkey_island/cc/services/attack/technique_reports/T1158.py

@@ -10,4 +10,4 @@ class T1158(PostBreachTechnique):
     unscanned_msg = "Monkey didn't try creating hidden files or folders."
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
     used_msg = "Monkey created hidden files and folders on the system."
-    pba_names = [POST_BREACH_HIDDEN_FILES]
+    pba_name = POST_BREACH_HIDDEN_FILES

monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py

@@ -1,32 +1,24 @@
 import abc
 
-from common.utils.attack_utils import ScanStatus
-from monkey_island.cc.database import mongo
 from monkey_island.cc.services.attack.attack_config import AttackConfig
+from monkey_island.cc.database import mongo
+from common.utils.attack_utils import ScanStatus
 from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 
 
 class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
-    """ Class for ATT&CK report components of post-breach actions """
-
     @property
     @abc.abstractmethod
-    def pba_names(self):
+    def pba_name(self):
         """
         :return: name of post breach action
         """
         pass
 
     @classmethod
-    def get_pba_query(cls, post_breach_action_names):
-        """
-        :param post_breach_action_names: Names of post-breach actions with which the technique is associated
-        (example - `["Communicate as new user", "Backdoor user"]` for T1136)
-        :return: Mongo query that parses attack telemetries for a simple report component
-        (gets machines and post-breach action usage).
-        """
+    def get_pba_query(cls, post_breach_action_name):
         return [{'$match': {'telem_category': 'post_breach',
-                            '$or': [{'data.name': pba_name} for pba_name in post_breach_action_names]}},
+                            'data.name': post_breach_action_name}},
                 {'$project': {'_id': 0,
                               'machine': {'hostname': '$data.hostname',
                                           'ips': ['$data.ip']},
@@ -34,20 +26,15 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
 
     @classmethod
     def get_report_data(cls):
-        """
-        :return: Technique's report data aggregated from the database
-        """
         data = {'title': cls.technique_title(), 'info': []}
 
-        info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
+        info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_name)))
 
-        status = ScanStatus.UNSCANNED.value
-        if info:
-            successful_PBAs = mongo.db.telemetry.count({
-                '$or': [{'data.name': pba_name} for pba_name in cls.pba_names],
-                'data.result.1': True
-            })
-            status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
+        status = []
+        for pba_node in info:
+            status.append(pba_node['result'][1])
+        status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
+            if status else ScanStatus.UNSCANNED.value
 
         data.update(cls.get_base_data_by_status(status))
         data.update({'info': info})