p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Island: Remove usage of credential telemetry

This commit is contained in:
Shreya Malviya 2022-09-15 12:25:02 +05:30
parent b00e0ff427
commit 775b0e69eb
4 changed files with 1 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
monkey/monkey_island/cc/resources/telemetry_feed.py
View File

@ -85,10 +85,6 @@ class TelemetryFeed(AbstractResource):
def get_scan_telem_brief(telem): def get_scan_telem_brief(telem):
return "Monkey discovered machine %s." % telem["data"]["machine"]["ip_addr"] return "Monkey discovered machine %s." % telem["data"]["machine"]["ip_addr"]
@staticmethod
def get_credentials_telem_brief(_):
return "Monkey collected stole some credentials."
@staticmethod @staticmethod
def get_trace_telem_brief(telem): def get_trace_telem_brief(telem):
return "Trace: %s" % telem["data"]["msg"] return "Trace: %s" % telem["data"]["msg"]
@ -116,7 +112,6 @@ class TelemetryFeed(AbstractResource):
TELEM_PROCESS_DICT = { TELEM_PROCESS_DICT = {
TelemCategoryEnum.CREDENTIALS: TelemetryFeed.get_credentials_telem_brief,
TelemCategoryEnum.EXPLOIT: TelemetryFeed.get_exploit_telem_brief, TelemCategoryEnum.EXPLOIT: TelemetryFeed.get_exploit_telem_brief,
TelemCategoryEnum.POST_BREACH: TelemetryFeed.get_post_breach_telem_brief, TelemCategoryEnum.POST_BREACH: TelemetryFeed.get_post_breach_telem_brief,
TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief, TelemCategoryEnum.SCAN: TelemetryFeed.get_scan_telem_brief,

13
monkey/monkey_island/cc/services/initialize.py
View File

@ -11,7 +11,6 @@ from common.agent_configuration import (
AgentConfiguration, AgentConfiguration,
) )
from common.aws import AWSInstance from common.aws import AWSInstance
from common.common_consts.telem_categories import TelemCategoryEnum
from common.event_queue import IAgentEventQueue, PyPubSubAgentEventQueue from common.event_queue import IAgentEventQueue, PyPubSubAgentEventQueue
from common.utils.file_utils import get_binary_io_sha256_hash from common.utils.file_utils import get_binary_io_sha256_hash
from monkey_island.cc.event_queue import IIslandEventQueue, PyPubSubIslandEventQueue from monkey_island.cc.event_queue import IIslandEventQueue, PyPubSubIslandEventQueue
@ -40,12 +39,6 @@ from monkey_island.cc.server_utils.encryption import ILockableEncryptor, Reposit
from monkey_island.cc.services import AWSService, IslandModeService from monkey_island.cc.services import AWSService, IslandModeService
from monkey_island.cc.services.attack.technique_reports.T1003 import T1003, T1003GetReportData from monkey_island.cc.services.attack.technique_reports.T1003 import T1003, T1003GetReportData
from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService from monkey_island.cc.services.run_local_monkey import LocalMonkeyRunService
from monkey_island.cc.services.telemetry.processing.credentials.credentials_parser import (
CredentialsParser,
)
from monkey_island.cc.services.telemetry.processing.processing import (
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC,
)
from monkey_island.cc.setup.mongo.mongo_setup import MONGO_URL from monkey_island.cc.setup.mongo.mongo_setup import MONGO_URL
from . import AuthenticationService from . import AuthenticationService
@ -165,9 +158,3 @@ def _dirty_hacks(container: DIContainer):
# Patches attack technique T1003 which is a static class # Patches attack technique T1003 which is a static class
# but it needs stolen credentials from the database # but it needs stolen credentials from the database
T1003.get_report_data = container.resolve(T1003GetReportData) T1003.get_report_data = container.resolve(T1003GetReportData)
# Note: A hack to resolve credentials parser
# It changes telemetry processing function, this will be refactored!
TELEMETRY_CATEGORY_TO_PROCESSING_FUNC[TelemCategoryEnum.CREDENTIALS] = container.resolve(
CredentialsParser
)

24
monkey/monkey_island/cc/services/telemetry/processing/credentials/credentials_parser.py
View File

@ -1,24 +0,0 @@
import logging
from typing import Mapping
from common.credentials import Credentials
from monkey_island.cc.repository import ICredentialsRepository
logger = logging.getLogger(__name__)
class CredentialsParser:
"""
This class parses and stores telemetry credentials.
"""
def __init__(self, credentials_repository: ICredentialsRepository):
self._credentials_repository = credentials_repository
def __call__(self, telemetry_dict, _agent_configuration):
self._parse_credentials(telemetry_dict, _agent_configuration)
def _parse_credentials(self, telemetry_dict: Mapping, _agent_configuration):
credentials = [Credentials(**credential) for credential in telemetry_dict["data"]]
self._credentials_repository.save_stolen_credentials(credentials)

8
monkey/monkey_island/cc/services/telemetry/processing/processing.py
View File

@ -15,7 +15,6 @@ TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
# `lambda *args, **kwargs: None` is a no-op. # `lambda *args, **kwargs: None` is a no-op.
TelemCategoryEnum.ATTACK: lambda *args, **kwargs: None, TelemCategoryEnum.ATTACK: lambda *args, **kwargs: None,
TelemCategoryEnum.AWS_INFO: process_aws_telemetry, TelemCategoryEnum.AWS_INFO: process_aws_telemetry,
TelemCategoryEnum.CREDENTIALS: None, # this is set in monkey_island/cc/services/initialize.py
TelemCategoryEnum.EXPLOIT: process_exploit_telemetry, TelemCategoryEnum.EXPLOIT: process_exploit_telemetry,
TelemCategoryEnum.POST_BREACH: process_post_breach_telemetry, TelemCategoryEnum.POST_BREACH: process_post_breach_telemetry,
TelemCategoryEnum.SCAN: process_scan_telemetry, TelemCategoryEnum.SCAN: process_scan_telemetry,
@ -23,10 +22,6 @@ TELEMETRY_CATEGORY_TO_PROCESSING_FUNC = {
TelemCategoryEnum.TRACE: lambda *args, **kwargs: None, TelemCategoryEnum.TRACE: lambda *args, **kwargs: None,
} }
# Don't save credential telemetries in telemetries collection.
# Credentials are stored in StolenCredentials documents
UNSAVED_TELEMETRIES = [TelemCategoryEnum.CREDENTIALS]
def process_telemetry(telemetry_json, agent_configuration: AgentConfiguration): def process_telemetry(telemetry_json, agent_configuration: AgentConfiguration):
try: try:
@ -38,8 +33,7 @@ def process_telemetry(telemetry_json, agent_configuration: AgentConfiguration):
else: else:
logger.info("Got unknown type of telemetry: %s" % telem_category) logger.info("Got unknown type of telemetry: %s" % telem_category)
if telem_category not in UNSAVED_TELEMETRIES: save_telemetry(telemetry_json)
save_telemetry(telemetry_json)
except Exception as ex: except Exception as ex:
logger.error( logger.error(