Commit Graph

6286 Commits

Author SHA1 Message Date
Mike Salvatore 0a3488b680 Deployment: Add requirements.txt for attack mitigations dump script 2021-09-30 18:03:28 +02:00
Mike Salvatore 6e92c84f89 Docs: Move attack mitigations from reference -> development 2021-09-30 18:03:28 +02:00
Ilija Lazoroski 43471c6553 Island: Fix typing error in island spec 2021-09-30 18:03:28 +02:00
Ilija Lazoroski 77c51497d0 docs: Add attack mitigations documentation 2021-09-30 18:03:28 +02:00
Ilija Lazoroski 1ed6fed164 Island: Remove attack_data submodule 2021-09-30 18:03:28 +02:00
Ilija Lazoroski 9ea5a56abd UT: Fix database_initializer test 2021-09-30 18:03:23 +02:00
Mike Salvatore 1748955213 Island: Handle metadata in attack mitigations json 2021-09-30 18:00:32 +02:00
Mike Salvatore 45c66fe309 Deployment: Include metadata in attack mitigations json dump 2021-09-30 18:00:32 +02:00
Ilija Lazoroski 8c1afcc2b4 Island: Add import attack mitigations
Also UTs for reset_database from setup mongo.
2021-09-30 18:00:15 +02:00
Mike Salvatore c93d5037b2 Island: Remove unused attack mitigations import code 2021-09-30 10:52:43 -04:00
Mike Salvatore 2a9d9938cd Deployment: Move dump_attack_mitigations into a subdirectory 2021-09-30 10:52:43 -04:00
Ilija Lazoroski 36b13d0db9 Island: Remove attack-data submodule
Removed submodule with its fork.
Remove usage of the submodule.
Fixed monkey_island.spec
Added attack_mitigations dump.
Added hook for above file.
2021-09-30 10:52:41 -04:00
Mike Salvatore 6de33bfd57 Deployment: Import ATT&CK data into mongo 2021-09-30 10:50:52 -04:00
Mike Salvatore 82c8385863 Deployment: Reorder functions in dump_attack_mitigations.py 2021-09-30 10:50:52 -04:00
Mike Salvatore 38f50641a5 Deployment: Wrap argument parsing in function 2021-09-30 10:50:52 -04:00
Mike Salvatore 7bcfc6d27a Deployment: Make dump_attack_mitigations.py executable 2021-09-30 10:50:52 -04:00
Ilija Lazoroski 29f9384b6a Deployment: Initial commit for mongo export utility 2021-09-30 10:50:52 -04:00
VakarisZ f387595104
Merge pull request #1495 from guardicore/delay-mongo-init
Delay mongo init to after registration
2021-09-29 17:03:12 +03:00
VakarisZ 7939ed4739 Alter the log message talking about storing the mitigations: remove the part saying that it will take a while 2021-09-29 17:02:34 +03:00
VakarisZ 579ebf4a0f Alter registration page to show loading icon while registration request is being processed 2021-09-29 16:45:28 +03:00
VakarisZ c211d51d8c Move database reset to happen during the registration 2021-09-29 16:45:28 +03:00
VakarisZ b73958dd55 Rename the CHANGELOG.md entry about resetting login credentials to "Resetting login credentials also cleans the contents of the database. #1495" 2021-09-29 16:45:26 +03:00
Shreya Malviya ab7872d103 CHANGELOG: Add entry for delaying mongo init 2021-09-29 16:44:42 +03:00
Shreya Malviya 2cbaf954e1 docs: Fix spelling mistake 2021-09-29 16:44:16 +03:00
Shreya Malviya 1e02ab6d2b docs: Add warning that DB will be cleared if creds are reset 2021-09-29 16:44:16 +03:00
Shreya Malviya 6fe4d6cb31 island: Drop mongo db when registartion requirement is realised instead
of when registration request is sent

The issue with this whole change is that there's a long gap where
nothing happens after you click on the log in or register button on the
UI.

But we don't need to worry about this because we plan on shipping
Island's mongodb with attack mitigations already present.
2021-09-29 16:44:16 +03:00
Shreya Malviya 340dd1f94b island: Drop mongo db if registration is required 2021-09-29 16:44:16 +03:00
Shreya Malviya 194e244080 island: On login, check if collection 'attack_mitigations' is present in DB,
add if not
2021-09-29 16:44:16 +03:00
Shreya Malviya 3cbeb3dbf7 island: Add attack mitigations to mongo upon registration 2021-09-29 16:44:15 +03:00
Mike Salvatore 51f179c145
Merge pull request #1494 from guardicore/1415/add-ransomware-report-links
1415/add ransomware report links
2021-09-29 08:51:08 -04:00
VakarisZ b791ee16e1
Merge pull request #1501 from guardicore/tunneling-revert-schema
Changed proxy schema for the agent
2021-09-29 10:54:03 +03:00
ilija-lazoroski a5587cd4ad
Merge pull request #1489 from guardicore/1462/powershell-re-use
PowerShell re-use credentials and second hop
2021-09-28 17:57:52 +02:00
Ilija Lazoroski a438f3afb0 Zoo: Replace --os with --skip-powershell-reuse
With this logic the powershell cached will run
if we don't provide the cli param --skip-powershell-reuse.
2021-09-28 17:31:20 +02:00
Ilija Lazoroski 449fe7517e Agent: Changed proxy schema 2021-09-28 16:21:19 +02:00
Mike Salvatore 0839f04b1d
Merge pull request #1483 from guardicore/incorrect-attack-report-msgs
Fix incorrect ATT&CK report messages
2021-09-28 07:24:17 -04:00
VakarisZ beafc0bf9e
Merge pull request #1493 from guardicore/credential_duplication_fix
Duplicate credentials in system info telem
2021-09-28 13:49:21 +03:00
VakarisZ d240427ce2 Remove mimikatz field from sensitive fields in telemetries since telemetries no longer contain such key 2021-09-28 13:09:06 +03:00
VakarisZ 27e2969e79 Remove the unnecessary "mimikatz" info from telemetry data since the exact same data is stored under "credentials" key 2021-09-28 13:03:10 +03:00
VakarisZ e40c83c2ff
Merge pull request #1485 from guardicore/telemetry_encryption
Telemetry encryption in database
2021-09-28 12:18:12 +03:00
VakarisZ 8b9ddb0c4b Removed unnecessary vulture ignores from whitelist 2021-09-28 11:04:42 +03:00
VakarisZ d79892427b Moved credential encryption in mongo CHANGELOG.md entry from Fixes to Security 2021-09-28 11:04:42 +03:00
VakarisZ a24eb841c1 Extract DAL interface for report model into a separate report_dal.py file 2021-09-28 11:04:42 +03:00
VakarisZ 1160ac6af0 Refactor dictionary and sensitive mongo field encryption by moving it to server_utils/encryption 2021-09-28 11:04:42 +03:00
Shreya Malviya cb4b845eaf tests: Fix unit test (remove 'The'; see previous commit) 2021-09-28 12:08:11 +05:30
Shreya Malviya e5b9f96447 island: Remove 'The' from text to be shown in report, for consistency 2021-09-28 12:08:10 +05:30
Shreya Malviya 6def66cfaf island: Move class variable `config_schema_per_attack_technique` to the
top of its class `AttackTechnique`
2021-09-28 12:08:10 +05:30
Mike Salvatore 67262e19d1
Merge pull request #1492 from guardicore/1484/faq-network-limitations
docs: Add faq for limiting monkey propagation
2021-09-27 14:30:57 -04:00
MarketingYeti 4b0bed8267 Docs: Edits to monkey propagation FAQ section 2021-09-27 14:29:10 -04:00
Mike Salvatore e67066dd0d UI: Add external link icon to Ransomware report 2021-09-27 14:20:04 -04:00
Mike Salvatore 7d9386c266 UI: Add ExternalLink React element 2021-09-27 14:19:55 -04:00