Merge pull request #645 from guardicore/feature/zt_performance_fixes

ZeroTrust performance fixes
2020-05-20 15:52:13 +03:00 · 2020-05-20 15:52:13 +03:00 · 1f79c16318
parent 5dd6b40560 44cb87a2c9
commit 1f79c16318
23 changed files with 307 additions and 45 deletions
--- a/.gitignore
+++ b/.gitignore
@ -85,5 +85,8 @@ MonkeyZoo/*
 # Exported monkey telemetries
 /monkey/telem_sample/

+# Profiling logs
+profiler_logs/
+
 # vim swap files
 *.swp
--- a/envs/monkey_zoo/blackbox/test_blackbox.py
+++ b/envs/monkey_zoo/blackbox/test_blackbox.py
@ -10,7 +10,10 @@ from envs.monkey_zoo.blackbox.island_client.monkey_island_client import MonkeyIs
 from envs.monkey_zoo.blackbox.log_handlers.test_logs_handler import TestLogsHandler
 from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest
 from envs.monkey_zoo.blackbox.tests.performance.map_generation import MapGenerationTest
+from envs.monkey_zoo.blackbox.tests.performance.map_generation_from_telemetries import MapGenerationFromTelemetryTest
 from envs.monkey_zoo.blackbox.tests.performance.report_generation import ReportGenerationTest
+from envs.monkey_zoo.blackbox.tests.performance.report_generation_from_telemetries import \
+    ReportGenerationFromTelemetryTest
 from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
 from envs.monkey_zoo.blackbox.utils import gcp_machine_handlers

@ -146,5 +149,11 @@ class TestMonkeyBlackbox(object):
                                                "PERFORMANCE.conf",
                                                timeout_in_seconds=10*60)

+    def test_report_generation_from_fake_telemetries(self, island_client):
+        ReportGenerationFromTelemetryTest(island_client).run()
+
+    def test_map_generation_from_fake_telemetries(self, island_client):
+        MapGenerationFromTelemetryTest(island_client).run()
+
    def test_telem_performance(self, island_client):
        TelemetryPerformanceTest(island_client).test_telemetry_performance()
--- a/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py
+++ b/envs/monkey_zoo/blackbox/tests/performance/map_generation_from_telemetries.py
@ -0,0 +1,31 @@
+from datetime import timedelta
+
+from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
+from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
+from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
+    TelemetryPerformanceTestWorkflow
+
+MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
+MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
+
+MAP_RESOURCES = [
+    "api/netmap",
+]
+
+
+class MapGenerationFromTelemetryTest(PerformanceTest):
+
+    TEST_NAME = "Map generation from fake telemetries test"
+
+    def __init__(self, island_client, break_on_timeout=False):
+        self.island_client = island_client
+        performance_config = PerformanceTestConfig(max_allowed_single_page_time=MAX_ALLOWED_SINGLE_PAGE_TIME,
+                                                   max_allowed_total_time=MAX_ALLOWED_TOTAL_TIME,
+                                                   endpoints_to_test=MAP_RESOURCES,
+                                                   break_on_timeout=break_on_timeout)
+        self.performance_test_workflow = TelemetryPerformanceTestWorkflow(MapGenerationFromTelemetryTest.TEST_NAME,
+                                                                          self.island_client,
+                                                                          performance_config)
+
+    def run(self):
+        self.performance_test_workflow.run()
--- a/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py
+++ b/envs/monkey_zoo/blackbox/tests/performance/performance_test_workflow.py
@ -25,6 +25,8 @@ class PerformanceTestWorkflow(BasicTest):
            self.exploitation_test.wait_for_monkey_process_to_finish()
        performance_test = EndpointPerformanceTest(self.name, self.performance_config, self.island_client)
        try:
+            if not self.island_client.is_all_monkeys_dead():
+                raise RuntimeError("Can't test report times since not all Monkeys have died.")
            assert performance_test.run()
        finally:
            self.exploitation_test.parse_logs()
--- a/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py
+++ b/envs/monkey_zoo/blackbox/tests/performance/report_generation_from_telemetries.py
@ -0,0 +1,35 @@
+from datetime import timedelta
+
+from envs.monkey_zoo.blackbox.tests.performance.performance_test import PerformanceTest
+from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
+from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test_workflow import \
+    TelemetryPerformanceTestWorkflow
+
+MAX_ALLOWED_SINGLE_PAGE_TIME = timedelta(seconds=2)
+MAX_ALLOWED_TOTAL_TIME = timedelta(seconds=5)
+
+REPORT_RESOURCES = [
+    "api/report/security",
+    "api/attack/report",
+    "api/report/zero_trust/findings",
+    "api/report/zero_trust/principles",
+    "api/report/zero_trust/pillars"
+]
+
+
+class ReportGenerationFromTelemetryTest(PerformanceTest):
+
+    TEST_NAME = "Map generation from fake telemetries test"
+
+    def __init__(self, island_client, break_on_timeout=False):
+        self.island_client = island_client
+        performance_config = PerformanceTestConfig(max_allowed_single_page_time=MAX_ALLOWED_SINGLE_PAGE_TIME,
+                                                   max_allowed_total_time=MAX_ALLOWED_TOTAL_TIME,
+                                                   endpoints_to_test=REPORT_RESOURCES,
+                                                   break_on_timeout=break_on_timeout)
+        self.performance_test_workflow = TelemetryPerformanceTestWorkflow(ReportGenerationFromTelemetryTest.TEST_NAME,
+                                                                          self.island_client,
+                                                                          performance_config)
+
+    def run(self):
+        self.performance_test_workflow.run()
--- a/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
+++ b/envs/monkey_zoo/blackbox/tests/performance/telemetry_performance_test_workflow.py
@ -0,0 +1,20 @@
+from envs.monkey_zoo.blackbox.tests.basic_test import BasicTest
+from envs.monkey_zoo.blackbox.tests.performance.endpoint_performance_test import EndpointPerformanceTest
+from envs.monkey_zoo.blackbox.tests.performance.performance_test_config import PerformanceTestConfig
+from envs.monkey_zoo.blackbox.tests.performance.telemetry_performance_test import TelemetryPerformanceTest
+
+
+class TelemetryPerformanceTestWorkflow(BasicTest):
+
+    def __init__(self, name, island_client, performance_config: PerformanceTestConfig):
+        self.name = name
+        self.island_client = island_client
+        self.performance_config = performance_config
+
+    def run(self):
+        try:
+            TelemetryPerformanceTest(island_client=self.island_client).test_telemetry_performance()
+            performance_test = EndpointPerformanceTest(self.name, self.performance_config, self.island_client)
+            assert performance_test.run()
+        finally:
+            self.island_client.reset_env()
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -32,6 +32,7 @@ from monkey_island.cc.resources.pba_file_upload import FileUpload
 from monkey_island.cc.resources.attack.attack_config import AttackConfiguration
 from monkey_island.cc.resources.attack.attack_report import AttackReport
 from monkey_island.cc.resources.bootloader import Bootloader
+from monkey_island.cc.resources.zero_trust.finding_event import ZeroTrustFindingEvent
 from monkey_island.cc.services.database import Database
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.services.representations import output_json
@ -107,6 +108,7 @@ def init_api_resources(api):
        Report,
        '/api/report/<string:report_type>',
        '/api/report/<string:report_type>/<string:report_data>')
+    api.add_resource(ZeroTrustFindingEvent, '/api/zero-trust/finding-event/<string:finding_id>')

    api.add_resource(TelemetryFeed, '/api/telemetry-feed', '/api/telemetry-feed/')
    api.add_resource(Log, '/api/log', '/api/log/')
--- a/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py
@ -12,7 +12,7 @@ class AggregateFinding(Finding):
        :raises: Assertion error if this is used when there's more then one finding which fits the query - this is not
        when this function should be used.
        """
-        existing_findings = Finding.objects(test=test, status=status)
+        existing_findings = Finding.objects(test=test, status=status).exclude('events')
        assert (len(existing_findings) < 2), "More than one finding exists for {}:{}".format(test, status)

        if len(existing_findings) == 0:
@ -21,7 +21,6 @@ class AggregateFinding(Finding):
            # Now we know for sure this is the only one
            orig_finding = existing_findings[0]
            orig_finding.add_events(events)
-            orig_finding.save()


 def add_malicious_activity_to_timeline(events):
--- a/monkey/monkey_island/cc/models/zero_trust/event.py
+++ b/monkey/monkey_island/cc/models/zero_trust/event.py
@ -23,7 +23,9 @@ class Event(EmbeddedDocument):

    # LOGIC
    @staticmethod
-    def create_event(title, message, event_type, timestamp=datetime.now()):
+    def create_event(title, message, event_type, timestamp=None):
+        if not timestamp:
+            timestamp = datetime.now()
        event = Event(
            timestamp=timestamp,
            title=title,
--- a/monkey/monkey_island/cc/models/zero_trust/finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/finding.py
@ -2,6 +2,7 @@
 """
 Define a Document Schema for Zero Trust findings.
 """
+from typing import List

 from mongoengine import Document, StringField, EmbeddedDocumentListField

@ -55,6 +56,5 @@ class Finding(Document):

        return finding

-    def add_events(self, events):
-        # type: (list) -> None
-        self.events.extend(events)
+    def add_events(self, events: List) -> None:
+        self.update(push_all__events=events)
--- a/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
@ -1,3 +1,8 @@
+import unittest
+from packaging import version
+
+import mongomock
+
 import common.data.zero_trust_consts as zero_trust_consts
 from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding
 from monkey_island.cc.models.zero_trust.event import Event
@ -6,6 +11,9 @@ from monkey_island.cc.testing.IslandTestCase import IslandTestCase


 class TestAggregateFinding(IslandTestCase):
+
+    @unittest.skipIf(version.parse(mongomock.__version__) <= version.parse("3.19.0"),
+                     "mongomock version doesn't support this test")
    def test_create_or_add_to_existing(self):
        self.fail_if_not_testing_env()
        self.clean_finding_db()
@ -25,6 +33,8 @@ class TestAggregateFinding(IslandTestCase):
        self.assertEqual(len(Finding.objects(test=test, status=status)), 1)
        self.assertEqual(len(Finding.objects(test=test, status=status)[0].events), 2)

+    @unittest.skipIf(version.parse(mongomock.__version__) <= version.parse("3.19.0"),
+                     "mongomock version doesn't support this test")
    def test_create_or_add_to_existing_2_tests_already_exist(self):
        self.fail_if_not_testing_env()
        self.clean_finding_db()
--- a/monkey/monkey_island/cc/resources/zero_trust/finding_event.py
+++ b/monkey/monkey_island/cc/resources/zero_trust/finding_event.py
@ -0,0 +1,12 @@
+import flask_restful
+import json
+
+from monkey_island.cc.auth import jwt_required
+from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService
+
+
+class ZeroTrustFindingEvent(flask_restful.Resource):
+
+    @jwt_required()
+    def get(self, finding_id: str):
+        return {'events_json': json.dumps(ZeroTrustService.get_events_by_finding(finding_id), default=str)}
--- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
@ -1,6 +1,7 @@
 import common.data.zero_trust_consts as zero_trust_consts
 from monkey_island.cc.models.zero_trust.finding import Finding
 from monkey_island.cc.services.reporting.zero_trust_service import ZeroTrustService
+import monkey_island.cc.services.reporting.zero_trust_service
 from monkey_island.cc.testing.IslandTestCase import IslandTestCase

 EXPECTED_DICT = {
@ -316,6 +317,12 @@ class TestZeroTrustService(IslandTestCase):

        self.assertEqual(ZeroTrustService.get_pillars_to_statuses(), expected)

+    def test_get_events_without_overlap(self):
+        monkey_island.cc.services.reporting.zero_trust_service.EVENT_FETCH_CNT = 5
+        self.assertListEqual([], ZeroTrustService._get_events_without_overlap(5, [1, 2, 3]))
+        self.assertListEqual([3], ZeroTrustService._get_events_without_overlap(6, [1, 2, 3]))
+        self.assertListEqual([1, 2, 3, 4, 5], ZeroTrustService._get_events_without_overlap(10, [1, 2, 3, 4, 5]))
+

 def compare_lists_no_order(s, t):
    t = list(t)  # make a mutable copy
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
@ -1,21 +1,26 @@
-import json
+from typing import List

 import common.data.zero_trust_consts as zero_trust_consts
+from bson.objectid import ObjectId

 from monkey_island.cc.models.zero_trust.finding import Finding

+# How many events of a single finding to return to UI.
+# 50 will return 50 latest and 50 oldest events from a finding
+EVENT_FETCH_CNT = 50
+

 class ZeroTrustService(object):
    @staticmethod
    def get_pillars_grades():
        pillars_grades = []
+        all_findings = Finding.objects().exclude('events')
        for pillar in zero_trust_consts.PILLARS:
-            pillars_grades.append(ZeroTrustService.__get_pillar_grade(pillar))
+            pillars_grades.append(ZeroTrustService.__get_pillar_grade(pillar, all_findings))
        return pillars_grades

    @staticmethod
-    def __get_pillar_grade(pillar):
-        all_findings = Finding.objects()
+    def __get_pillar_grade(pillar, all_findings):
        pillar_grade = {
            "pillar": pillar,
            zero_trust_consts.STATUS_FAILED: 0,
@ -65,7 +70,7 @@ class ZeroTrustService(object):
        worst_status = zero_trust_consts.STATUS_UNEXECUTED
        all_statuses = set()
        for test in principle_tests:
-            all_statuses |= set(Finding.objects(test=test).distinct("status"))
+            all_statuses |= set(Finding.objects(test=test).exclude('events').distinct("status"))

        for status in all_statuses:
            if zero_trust_consts.ORDERED_TEST_STATUSES.index(status) \
@ -78,7 +83,7 @@ class ZeroTrustService(object):
    def __get_tests_status(principle_tests):
        results = []
        for test in principle_tests:
-            test_findings = Finding.objects(test=test)
+            test_findings = Finding.objects(test=test).exclude('events')
            results.append(
                {
                    "test": zero_trust_consts.TESTS_MAP[test][zero_trust_consts.TEST_EXPLANATION_KEY],
@ -104,25 +109,42 @@ class ZeroTrustService(object):

    @staticmethod
    def get_all_findings():
-        all_findings = Finding.objects()
+        pipeline = [{'$addFields': {'oldest_events': {'$slice': ['$events', EVENT_FETCH_CNT]},
+                                    'latest_events': {'$slice': ['$events', -1*EVENT_FETCH_CNT]},
+                                    'event_count': {'$size': '$events'}}},
+                    {'$unset': ['events']}]
+        all_findings = list(Finding.objects.aggregate(*pipeline))
+        for finding in all_findings:
+            finding['latest_events'] = ZeroTrustService._get_events_without_overlap(finding['event_count'],
+                                                                                    finding['latest_events'])
+
        enriched_findings = [ZeroTrustService.__get_enriched_finding(f) for f in all_findings]
        return enriched_findings

    @staticmethod
-    def __get_enriched_finding(finding):
-        test_info = zero_trust_consts.TESTS_MAP[finding.test]
-        enriched_finding = {
-            "test": test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][finding.status],
-            "test_key": finding.test,
-            "pillars": test_info[zero_trust_consts.PILLARS_KEY],
-            "status": finding.status,
-            "events": ZeroTrustService.__get_events_as_dict(finding.events)
-        }
-        return enriched_finding
+    def _get_events_without_overlap(event_count: int, events: List[object]) -> List[object]:
+        overlap_count = event_count - EVENT_FETCH_CNT
+        if overlap_count >= EVENT_FETCH_CNT:
+            return events
+        elif overlap_count <= 0:
+            return []
+        else:
+            return events[-1 * overlap_count:]

    @staticmethod
-    def __get_events_as_dict(events):
-        return [json.loads(event.to_json()) for event in events]
+    def __get_enriched_finding(finding):
+        test_info = zero_trust_consts.TESTS_MAP[finding['test']]
+        enriched_finding = {
+            'finding_id': str(finding['_id']),
+            'test': test_info[zero_trust_consts.FINDING_EXPLANATION_BY_STATUS_KEY][finding['status']],
+            'test_key': finding['test'],
+            'pillars': test_info[zero_trust_consts.PILLARS_KEY],
+            'status': finding['status'],
+            'latest_events': finding['latest_events'],
+            'oldest_events': finding['oldest_events'],
+            'event_count': finding['event_count']
+        }
+        return enriched_finding

    @staticmethod
    def get_statuses_to_pillars():
@ -147,8 +169,17 @@ class ZeroTrustService(object):

    @staticmethod
    def __get_status_of_single_pillar(pillar):
-        grade = ZeroTrustService.__get_pillar_grade(pillar)
+        all_findings = Finding.objects().exclude('events')
+        grade = ZeroTrustService.__get_pillar_grade(pillar, all_findings)
        for status in zero_trust_consts.ORDERED_TEST_STATUSES:
            if grade[status] > 0:
                return status
        return zero_trust_consts.STATUS_UNEXECUTED
+
+    @staticmethod
+    def get_events_by_finding(finding_id: str) -> List[object]:
+        pipeline = [{'$match': {'_id': ObjectId(finding_id)}},
+                    {'$unwind': '$events'},
+                    {'$project': {'events': '$events'}},
+                    {'$replaceRoot': {'newRoot': '$events'}}]
+        return list(Finding.objects.aggregate(*pipeline))
--- a/monkey/monkey_island/cc/testing/README.md
+++ b/monkey/monkey_island/cc/testing/README.md
@ -0,0 +1,9 @@
+# Profiling island
+
+To profile specific methods on island a `@profile(sort_args=['cumulative'], print_args=[100])` 
+decorator can be used. 
+Use it as any other decorator. After decorated method is used, a file will appear in a
+directory provided in `profiler_decorator.py`. Filename describes the path of
+the method that was profiled. For example if method `monkey_island/cc/resources/netmap.get`
+was profiled, then the results of this profiling will appear in 
+`monkey_island_cc_resources_netmap_get`.
--- a/monkey/monkey_island/cc/testing/profiler_decorator.py
+++ b/monkey/monkey_island/cc/testing/profiler_decorator.py
@ -0,0 +1,32 @@
+from cProfile import Profile
+import os
+import pstats
+
+PROFILER_LOG_DIR = "./profiler_logs/"
+
+
+def profile(sort_args=['cumulative'], print_args=[100]):
+
+    def decorator(fn):
+        def inner(*args, **kwargs):
+            result = None
+            try:
+                profiler = Profile()
+                result = profiler.runcall(fn, *args, **kwargs)
+            finally:
+                try:
+                    os.mkdir(PROFILER_LOG_DIR)
+                except os.error:
+                    pass
+                filename = PROFILER_LOG_DIR + _get_filename_for_function(fn)
+                with open(filename, 'w') as stream:
+                    stats = pstats.Stats(profiler, stream=stream)
+                    stats.strip_dirs().sort_stats(*sort_args).print_stats(*print_args)
+            return result
+        return inner
+    return decorator
+
+
+def _get_filename_for_function(fn):
+    function_name = fn.__module__ + "." + fn.__name__
+    return function_name.replace(".", "_")
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsButton.js
@ -24,7 +24,12 @@ export default class EventsButton extends Component {

  render() {
    return <Fragment>
-      <EventsModal events={this.props.events} showEvents={this.state.isShow} hideCallback={this.hide}
+      <EventsModal finding_id={this.props.finding_id}
+                   latest_events={this.props.latest_events}
+                   oldest_events={this.props.oldest_events}
+                   event_count={this.props.event_count}
+                   showEvents={this.state.isShow}
+                   hideCallback={this.hide}
                   exportFilename={this.props.exportFilename}/>
      <div className="text-center" style={{'display': 'grid'}}>
        <Button className="btn btn-primary btn-lg" onClick={this.show}>
@ -35,12 +40,14 @@ export default class EventsButton extends Component {
  }

  createEventsAmountBadge() {
-    const eventsAmountBadgeContent = this.props.events.length > 9 ? '9+' : this.props.events.length;
+    const eventsAmountBadgeContent = this.props.event_count > 9 ? '9+' : this.props.event_count;
    return <Badge>{eventsAmountBadgeContent}</Badge>;
  }
 }

 EventsButton.propTypes = {
-  events: PropTypes.array,
+  latest_events: PropTypes.array,
+  oldest_events: PropTypes.array,
+  event_count: PropTypes.number,
  exportFilename: PropTypes.string
 };
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsModal.js
@ -1,12 +1,17 @@
-import React, {Component} from 'react';
+import React from 'react';
 import {Modal} from 'react-bootstrap';
 import EventsTimeline from './EventsTimeline';
 import * as PropTypes from 'prop-types';
 import saveJsonToFile from '../../utils/SaveJsonToFile';
 import EventsModalButtons from './EventsModalButtons';
-import Pluralize from 'pluralize'
+import AuthComponent from '../../AuthComponent';
+import Pluralize from 'pluralize';
+import SkippedEventsTimeline from './SkippedEventsTimeline';

-export default class EventsModal extends Component {
+const FINDING_EVENTS_URL = '/api/zero-trust/finding-event/';
+
+
+export default class EventsModal extends AuthComponent {
  constructor(props) {
    super(props);
  }
@ -21,12 +26,20 @@ export default class EventsModal extends Component {
            </h3>
            <hr/>
            <p>
-              There {Pluralize('is', this.props.events.length)} {<div
-              className={'label label-primary'}>{this.props.events.length}</div>} {Pluralize('event', this.props.events.length)} associated
+              There {Pluralize('is', this.props.event_count)} {<div
+              className={'label label-primary'}>{this.props.event_count}</div>}
+              {Pluralize('event', this.props.event_count)} associated
              with this finding.
+              {<div className={'label label-primary'}>
+                {this.props.latest_events.length + this.props.oldest_events.length}
+              </div>} {Pluralize('is', this.props.event_count)} displayed below.
+              All events can be exported to json.
            </p>
-            {this.props.events.length > 5 ? this.renderButtons() : null}
-            <EventsTimeline events={this.props.events}/>
+            {this.props.event_count > 5 ? this.renderButtons() : null}
+            <EventsTimeline events={this.props.oldest_events}/>
+            {this.props.event_count > this.props.latest_events.length+this.props.oldest_events.length ?
+              this.renderSkippedEventsTimeline() : null}
+            <EventsTimeline events={this.props.latest_events}/>
            {this.renderButtons()}
          </Modal.Body>
        </Modal>
@ -34,13 +47,24 @@ export default class EventsModal extends Component {
    );
  }

+  renderSkippedEventsTimeline(){
+    return <div className={'skipped-events-timeline'}>
+      <SkippedEventsTimeline
+              skipped_count={this.props.event_count -
+                             this.props.latest_events.length + this.props.oldest_events.length}/>
+    </div>
+  }
+
  renderButtons() {
    return <EventsModalButtons
      onClickClose={() => this.props.hideCallback()}
      onClickExport={() => {
-        const dataToSave = this.props.events;
-        const filename = this.props.exportFilename;
-        saveJsonToFile(dataToSave, filename);
+        let full_url = FINDING_EVENTS_URL + this.props.finding_id;
+        this.authFetch(full_url).then(res => res.json()).then(res => {
+          const dataToSave = res.events_json;
+          const filename = this.props.exportFilename;
+          saveJsonToFile(dataToSave, filename);
+        });
      }}/>;
  }
 }
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/EventsTimeline.js
@ -17,7 +17,7 @@ export default class EventsTimeline extends Component {
        <Timeline style={{fontSize: '100%'}}>
          {
            this.props.events.map((event, index) => {
-              const event_time = new Date(event.timestamp['$date']).toString();
+              const event_time = new Date(event.timestamp).toString();
              return (<TimelineEvent
                key={index}
                createdAt={event_time}
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/FindingsTable.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/FindingsTable.js
@ -18,7 +18,11 @@ const columns = [
      {
        Header: 'Events', id: 'events',
        accessor: x => {
-          return <EventsButton events={x.events} exportFilename={'Events_' + x.test_key}/>;
+          return <EventsButton finding_id={x.finding_id}
+                               latest_events={x.latest_events}
+                               oldest_events={x.oldest_events}
+                               event_count={x.event_count}
+                               exportFilename={'Events_' + x.test_key}/>;
        },
        maxWidth: EVENTS_COLUMN_MAX_WIDTH
      },
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SkippedEventsTimeline.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SkippedEventsTimeline.js
@ -0,0 +1,26 @@
+import React, {Component} from 'react';
+import {Timeline, TimelineEvent} from 'react-event-timeline';
+import { faArrowsAltV } from '@fortawesome/free-solid-svg-icons';
+import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
+import * as PropTypes from 'prop-types';
+
+
+export default class SkippedEventsTimeline extends Component {
+
+  render() {
+    return (
+      <div>
+        <Timeline style={{fontSize: '100%'}}>
+          <TimelineEvent
+            bubbleStyle={{border: '2px solid #ffcc00'}}
+            title='Events in between are not displayed, but can be exported to JSON.'
+            icon={<FontAwesomeIcon className={'timeline-event-icon'} icon={faArrowsAltV}/>} >
+            {this.props.skipped_count} events not displayed.
+          </TimelineEvent>
+        </Timeline>
+      </div>
+    );
+  }
+}
+
+SkippedEventsTimeline.propTypes = {skipped_count: PropTypes.number};
--- a/monkey/monkey_island/cc/ui/src/styles/report/ReportPage.scss
+++ b/monkey/monkey_island/cc/ui/src/styles/report/ReportPage.scss
@ -2,7 +2,7 @@
  margin-bottom: 2em !important;
  position: sticky;
  top: 0;
-  z-index: 1000000;
+  z-index: 1000;
  background-color: #ffffff;
  font-size: large;
 }
--- a/monkey/monkey_island/linux/install_mongo.sh
+++ b/monkey/monkey_island/linux/install_mongo.sh
@ -17,9 +17,6 @@ elif [[ ${os_version_monkey} == "Ubuntu 18.04"* ]]; then
 elif [[ ${os_version_monkey} == "Ubuntu 19.10"* ]]; then
  echo Detected Ubuntu 19.10
  export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.3.tgz"
-elif [[ ${os_version_monkey} == "Debian GNU/Linux 8"* ]]; then
-  echo Detected Debian 8
-  export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian81-4.0.16.tgz"
 elif [[ ${os_version_monkey} == "Debian GNU/Linux 9"* ]]; then
  echo Detected Debian 9
  export tgz_url="https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian92-4.2.3.tgz"