diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
index 072640352..128503078 100644
--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
@@ -1,6 +1,5 @@
 from common.common_consts.system_info_collectors_names import (
 AWS_COLLECTOR,
- AZURE_CRED_COLLECTOR,
 ENVIRONMENT_COLLECTOR,
 HOSTNAME_COLLECTOR,
 MIMIKATZ_COLLECTOR,
@@ -53,13 +52,5 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
 "info": "Collects a list of running processes on the machine.",
 "attack_techniques": ["T1082"],
 },
- {
- "type": "string",
- "enum": [AZURE_CRED_COLLECTOR],
- "title": "Azure Credential Collector",
- "safe": True,
- "info": "Collects password credentials from Azure VMs",
- "attack_techniques": ["T1003", "T1005"],
- },
 ],
 }
diff --git a/monkey/monkey_island/cc/services/config_schema/monkey.py b/monkey/monkey_island/cc/services/config_schema/monkey.py
index da06123a9..ddd14a3d0 100644
--- a/monkey/monkey_island/cc/services/config_schema/monkey.py
+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py
@@ -1,6 +1,5 @@
 from common.common_consts.system_info_collectors_names import (
 AWS_COLLECTOR,
- AZURE_CRED_COLLECTOR,
 ENVIRONMENT_COLLECTOR,
 HOSTNAME_COLLECTOR,
 MIMIKATZ_COLLECTOR,
@@ -94,7 +93,6 @@ MONKEY = {
 HOSTNAME_COLLECTOR,
 PROCESS_LIST_COLLECTOR,
 MIMIKATZ_COLLECTOR,
- AZURE_CRED_COLLECTOR,
 ],
 },
 },
diff --git a/monkey/monkey_island/cc/services/reporting/aws_exporter.py b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
index c2d216152..927685560 100644
--- a/monkey/monkey_island/cc/services/reporting/aws_exporter.py
+++ b/monkey/monkey_island/cc/services/reporting/aws_exporter.py
@@ -86,7 +86,6 @@ class AWSExporter(Exporter):
 ExploiterDescriptorEnum.STRUTS2.value.class_name: AWSExporter._handle_struts2_issue,
 ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
 ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
- # azure and conficker are not relevant issues for an AWS env
 }
 
 configured_product_arn = INFECTION_MONKEY_ARN
diff --git a/monkey/monkey_island/cc/services/reporting/report.py b/monkey/monkey_island/cc/services/reporting/report.py
index d0ac2939f..8d93d8062 100644
--- a/monkey/monkey_island/cc/services/reporting/report.py
+++ b/monkey/monkey_island/cc/services/reporting/report.py
@@ -97,24 +97,6 @@ class ReportService:
 for tunnel in mongo.db.monkey.find({"tunnel": {"$exists": True}}, {"tunnel": 1})
 ]
 
- @staticmethod
- def get_azure_issues():
- creds = ReportService.get_azure_creds()
- machines = set([instance["origin"] for instance in creds])
-
- logger.info("Azure issues generated for reporting")
-
- return [
- {
- "type": "azure_password",
- "machine": machine,
- "users": set(
- [instance["username"] for instance in creds if instance["origin"] == machine]
- ),
- }
- for machine in machines
- ]
-
- @staticmethod
- def get_scanned():
 formatted_nodes = []
@@ -249,30 +231,6 @@ class ReportService:
 creds.extend(ssh_keys)
 return creds
 
- @staticmethod
- def get_azure_creds():
- """
- Recover all credentials marked as being from an Azure machine
- :return: List of credentials.
- """
- creds = []
- for telem in mongo.db.telemetry.find(
- {"telem_category": "system_info", "data.Azure": {"$exists": True}},
- {"data.Azure": 1, "monkey_guid": 1},
- ):
- azure_users = telem["data"]["Azure"]["usernames"]
- if len(azure_users) == 0:
- continue
- origin = NodeService.get_monkey_by_guid(telem["monkey_guid"])["hostname"]
- azure_leaked_users = [
- {"username": user.replace(",", "."), "type": "Clear Password", "origin": origin}
- for user in azure_users
- ]
- creds.extend(azure_leaked_users)
-
- logger.info("Azure machines creds generated for reporting")
- return creds
-
- @staticmethod
- def process_exploit(exploit) -> ExploiterReportInfo:
 exploiter_type = exploit["data"]["exploiter"]
@@ -628,7 +586,6 @@ class ReportService:
 "scanned": scanned_nodes,
 "exploited_cnt": exploited_cnt,
 "stolen_creds": ReportService.get_stolen_creds(),
- "azure_passwords": ReportService.get_azure_creds(),
 "ssh_keys": ReportService.get_ssh_keys(),
 "strong_users": PTHReportService.get_strong_users_on_crit_details(),
 },
@@ -645,7 +602,6 @@ class ReportService:
 ReportService.get_exploits,
 ReportService.get_tunnels,
 ReportService.get_island_cross_segment_issues,
- ReportService.get_azure_issues,
 PTHReportService.get_duplicated_passwords_issues,
 PTHReportService.get_strong_users_on_crit_issues,
 ]
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index 28cbb1793..2850af42d 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -43,7 +43,6 @@ import {
 import {tunnelIssueReport, tunnelIssueOverview} from './security/issues/TunnelIssue';
 import {stolenCredsIssueOverview} from './security/issues/StolenCredsIssue';
 import {weakPasswordIssueOverview} from './security/issues/WeakPasswordIssue';
-import {azurePasswordIssueOverview, azurePasswordIssueReport} from './security/issues/AzurePasswordIssue';
 import {strongUsersOnCritIssueReport} from './security/issues/StrongUsersOnCritIssue';
 import {
 zerologonIssueOverview,
@@ -177,11 +176,6 @@ class ReportPageComponent extends AuthComponent {
 [this.issueContentTypes.REPORT]: strongUsersOnCritIssueReport,
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
 },
- 'azure_password': {
- [this.issueContentTypes.OVERVIEW]: azurePasswordIssueOverview,
- [this.issueContentTypes.REPORT]: azurePasswordIssueReport,
- [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
- },
 'weak_password': {
 [this.issueContentTypes.OVERVIEW]: weakPasswordIssueOverview,
 [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js
deleted file mode 100644
index 78afa599b..000000000
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/issues/AzurePasswordIssue.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import React from 'react';
-import CollapsibleWellComponent from '../CollapsibleWell';
-
-export function azurePasswordIssueOverview() {
- return (
  • Azure machines expose plaintext passwords. (More info)
  • ) -} - -export function azurePasswordIssueReport(issue) { - return ( - <> - Delete VM Access plugin configuration files. - - Credentials could be stolen from {issue.machine} for the following users {issue.users}. Read more about the security issue and remediation here. - - - ); -}