{
    "id": "JFXftJml8DpmuCPBA9rL",
    "name": "Add details about your new PBA",
    "task": {
        "dod": "You should add your new PBA's details to the configuration.",
        "tests": [],
        "hints": [
            "Have a look at the details of the other techniques."
        ]
    },
    "content": [
        {
            "type": "text",
            "text": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s). <br><br>\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well. <br><br>\n\nEach part of the configuration has an important role  \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test  \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n<img src=\"https://i.imgur.com/a5VSkL5.gif\" height=400>"
        },
        {
            "type": "snippet",
            "path": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py",
            "comments": [],
            "firstLineNumber": 56,
            "lines": [
                "             \"Removes the file afterwards.\",",
                "             \"attack_techniques\": [\"T1166\"],",
                "         },",
                "*        {",
                "+        # Swimmer: ADD DETAILS HERE!",
                "*            \"type\": \"string\",",
                "*            \"enum\": [\"ScheduleJobs\"],",
                "*            \"title\": \"Job scheduling\",",
                "*            \"safe\": True,",
                "*            \"info\": \"Attempts to create a scheduled job on the system and remove it.\",",
                "*            \"attack_techniques\": [\"T1168\", \"T1053\"],",
                "*        },",
                "         {",
                "             \"type\": \"string\",",
                "             \"enum\": [\"Timestomping\"],"
            ]
        },
        {
            "type": "text",
            "text": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island."
        }
    ],
    "symbols": {},
    "file_version": "2.0.1",
    "meta": {
        "app_version": "0.4.1-1",
        "file_blobs": {
            "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": "ea9b18aba7f71da12c9c82ac39d8a0cf2c472a9c"
        }
    }
}