Island: Refactor T1145 report according to the attack telemetry
This commit is contained in:
parent
6b64b655ce
commit
3d64d0d2e4
|
@ -1,7 +1,11 @@
|
|||
import logging
|
||||
|
||||
from common.utils.attack_utils import ScanStatus
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class T1145(AttackTechnique):
|
||||
tech_id = "T1145"
|
||||
|
@ -12,19 +16,39 @@ class T1145(AttackTechnique):
|
|||
|
||||
# Gets data about ssh keys found
|
||||
query = [
|
||||
{"$match": {"telem_category": "attack", "data.technique": tech_id}},
|
||||
{
|
||||
"$match": {
|
||||
"telem_category": "system_info",
|
||||
"data.ssh_info": {"$elemMatch": {"private_key": {"$exists": True}}},
|
||||
"$lookup": {
|
||||
"from": "monkey",
|
||||
"localField": "monkey_guid",
|
||||
"foreignField": "guid",
|
||||
"as": "monkey",
|
||||
}
|
||||
},
|
||||
{
|
||||
"$project": {
|
||||
"_id": 0,
|
||||
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
|
||||
"ssh_info": "$data.ssh_info",
|
||||
"monkey": {"$arrayElemAt": ["$monkey", 0]},
|
||||
"status": "$data.status",
|
||||
"name": "$data.name",
|
||||
"home_dir": "$data.home_dir",
|
||||
}
|
||||
},
|
||||
{
|
||||
"$addFields": {
|
||||
"_id": 0,
|
||||
"machine": {"hostname": "$monkey.hostname", "ips": "$monkey.ip_addresses"},
|
||||
"monkey": 0,
|
||||
}
|
||||
},
|
||||
{
|
||||
"$group": {
|
||||
"_id": {
|
||||
"machine": "$machine",
|
||||
"ssh_info": {"name": "$name", "home_dir": "$home_dir"},
|
||||
}
|
||||
}
|
||||
},
|
||||
{"$replaceRoot": {"newRoot": "$_id"}},
|
||||
]
|
||||
|
||||
@staticmethod
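Review bot: In the new `$addFields` stage, `"_id": 0` and `"monkey": 0` do not exclude those fields the way they would in `$project` — `$addFields` takes expressions, so both fields are set to the literal value 0. This is only harmless because the following `$group` keys on `machine`/`name`/`home_dir` and `$replaceRoot` discards everything else; the two entries can simply be dropped, leaving `{"$addFields": {"machine": {"hostname": "$monkey.hostname", "ips": "$monkey.ip_addresses"}}}`. Separately, the old query required `private_key` to exist, while the new `$match` only filters on `data.technique` and `status` is projected but never filtered on; if the agent emits T1145 telemetry with a status other than used, it would be reported as a found key pair, so consider adding `"data.status": ScanStatus.USED.value` to the first `$match` if that is the intent. The `query` attribute belongs to the class body, which continues outside the hunk.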
|
||||
|
|
|
@ -10,13 +10,13 @@ class T1145 extends React.Component {
|
|||
super(props);
|
||||
}
|
||||
|
||||
static renderSSHKeys(keys) {
|
||||
let output = [];
|
||||
keys.forEach(function (keyInfo) {
|
||||
output.push(<div key={keyInfo['name'] + keyInfo['home_dir']}>
|
||||
SSH key pair used by <b>{keyInfo['name']}</b> user found in {keyInfo['home_dir']}</div>)
|
||||
});
|
||||
return (<div>{output}</div>);
|
||||
static renderSSHKey(key) {
|
||||
return (
|
||||
<div>
|
||||
<div key={key['name'] + key['home_dir']}>
|
||||
SSH key pair used by <b>{key['name']}</b> user found in {key['home_dir']}
|
||||
</div>
|
||||
</div>);
|
||||
}
|
||||
|
||||
static getKeysInfoColumns() {
|
||||
|
@ -31,7 +31,7 @@ class T1145 extends React.Component {
|
|||
{
|
||||
Header: 'Keys found',
|
||||
id: 'keys',
|
||||
accessor: x => T1145.renderSSHKeys(x.ssh_info),
|
||||
accessor: x => T1145.renderSSHKey(x.ssh_info),
|
||||
style: {'whiteSpace': 'unset'}
|
||||
}
|
||||
]
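Review bot: The `key={key['name'] + key['home_dir']}` prop on the inner `<div>` in renderSSHKey is a leftover from the removed array-based renderSSHKeys loop; React only uses `key` to reconcile siblings in a list, so on a single nested element it does nothing, and the extra wrapper `<div>` around it is likewise redundant. The method can return one element: `return (<div>SSH key pair used by <b>{key['name']}</b> user found in {key['home_dir']}</div>);`. The user name and home directory originate from agent telemetry, but they are rendered as JSX text rather than via dangerouslySetInnerHTML, so React escapes them and no extra sanitization is needed here. The enclosing T1145 component class continues outside the hunk.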
|
||||
|
|