Add DISABLED status for attack techniques

monkey/monkey_island/cc/services/attack/technique_reports/T1136.py

@@ -1,7 +1,12 @@
 from common.data.post_breach_consts import (
     POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.attack_config import AttackConfig
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
     PostBreachTechnique
+from monkey_island.cc.services.reporting.report import ReportService
 
 __author__ = "shreyamalviya"
 

monkey/monkey_island/cc/services/attack/technique_reports/T1156.py

@@ -1,5 +1,8 @@
 from common.data.post_breach_consts import \
     POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
     PostBreachTechnique
 
@@ -8,7 +11,7 @@ __author__ = "shreyamalviya"
 
 class T1156(PostBreachTechnique):
     tech_id = "T1156"
-    unscanned_msg = "Monkey didn't try modifying bash startup files since it found no Linux machines."
+    unscanned_msg = "Monkey did not try modifying bash startup files on the system."
-    scanned_msg = "Monkey tried modifying bash startup files but failed."
+    scanned_msg = "Monkey tried modifying bash startup files on the system but failed."
-    used_msg = "Monkey successfully modified bash startup files."
+    used_msg = "Monkey modified bash startup files on the system."
     pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]

monkey/monkey_island/cc/services/attack/technique_reports/T1158.py

@@ -10,4 +10,4 @@ class T1158(PostBreachTechnique):
     unscanned_msg = "Monkey didn't try creating hidden files or folders."
     scanned_msg = "Monkey tried creating hidden files and folders on the system but failed."
     used_msg = "Monkey created hidden files and folders on the system."
-    pba_name = POST_BREACH_HIDDEN_FILES
+    pba_names = [POST_BREACH_HIDDEN_FILES]

monkey/monkey_island/cc/services/attack/technique_reports/T1504.py

@@ -1,5 +1,8 @@
 from common.data.post_breach_consts import \
     POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION
+from common.utils.attack_utils import ScanStatus
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 from monkey_island.cc.services.attack.technique_reports.pba_technique import \
     PostBreachTechnique
 
@@ -8,7 +11,7 @@ __author__ = "shreyamalviya"
 
 class T1504(PostBreachTechnique):
     tech_id = "T1504"
-    unscanned_msg = "Monkey didn't try modifying powershell startup files since it found no Windows machines."
+    unscanned_msg = "Monkey did not try modifying powershell startup files on the system."
-    scanned_msg = "Monkey tried modifying powershell startup files but failed."
+    scanned_msg = "Monkey tried modifying powershell startup files on the system but failed."
-    used_msg = "Monkey successfully modified powershell startup files."
+    used_msg = "Monkey modified powershell startup files on the system."
     pba_names = [POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION]

monkey/monkey_island/cc/services/attack/technique_reports/__init__.py

@@ -10,8 +10,7 @@ from monkey_island.cc.services.attack.attack_config import AttackConfig
 logger = logging.getLogger(__name__)
 
 
-disabled_msg = "This technique has been disabled. " +\
+disabled_msg = "This technique has been disabled. You can enable it from the configuration page."
-               "You can enable it from the [configuration page](../../configure)."
 
 
 class AttackTechnique(object, metaclass=abc.ABCMeta):
@@ -74,7 +73,8 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
                                           'data.technique': cls.tech_id}):
             return ScanStatus.SCANNED.value
         else:
-            return ScanStatus.UNSCANNED.value
+            return ScanStatus.DISABLED.value if not AttackConfig.get_technique_values()[cls.tech_id]\
+                else ScanStatus.UNSCANNED.value
 
     @classmethod
     def get_message_and_status(cls, status):
@@ -93,7 +93,6 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
         :param status: Enum from common/attack_utils.py integer value
         :return: message string
         """
-        status = cls._check_status(status)
         if status == ScanStatus.DISABLED.value:
             return disabled_msg
         if status == ScanStatus.UNSCANNED.value:
@@ -143,12 +142,8 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
             return {}
 
     @classmethod
-    def _check_status(cls, status, *args):
+    def _check_status(cls, status):
-        enabled_in_config = args[0] if args else cls._is_enabled_in_config()
+        if status == ScanStatus.UNSCANNED.value:
-        if status == ScanStatus.UNSCANNED.value and not enabled_in_config:
+            return ScanStatus.DISABLED.value if not AttackConfig.get_technique_values()[cls.tech_id]\
-            return ScanStatus.DISABLED.value
+                    else ScanStatus.UNSCANNED.value
         return status
-
-    @classmethod
-    def _is_enabled_in_config(cls):
-        return AttackConfig.get_technique_values()[cls.tech_id]

monkey/monkey_island/cc/services/attack/technique_reports/pba_technique.py

@@ -9,16 +9,17 @@ from monkey_island.cc.services.attack.technique_reports import AttackTechnique
 class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
     @property
     @abc.abstractmethod
-    def pba_name(self):
+    def pba_names(self):
         """
         :return: name of post breach action
         """
         pass
 
     @classmethod
-    def get_pba_query(cls, post_breach_action_name):
+    def get_pba_query(cls, post_breach_action_names):
         return [{'$match': {'telem_category': 'post_breach',
-                            'data.name': post_breach_action_name}},
+                            # 'data.name': post_breach_action_name}},
+                            '$or': [{'data.name': pba_name} for pba_name in post_breach_action_names]}},
                 {'$project': {'_id': 0,
                               'machine': {'hostname': '$data.hostname',
                                           'ips': ['$data.ip']},
@@ -28,7 +29,7 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
     def get_report_data(cls):
         data = {'title': cls.technique_title(), 'info': []}
 
-        info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_name)))
+        info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
 
         status = []
         for pba_node in info:
@@ -36,6 +37,10 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
         status = (ScanStatus.USED.value if any(status) else ScanStatus.SCANNED.value)\
             if status else ScanStatus.UNSCANNED.value
 
+        if status == ScanStatus.UNSCANNED.value and\
+           not AttackConfig.get_technique_values()[cls.tech_id]:
+            status = ScanStatus.DISABLED.value
+
         data.update(cls.get_base_data_by_status(status))
         data.update({'info': info})
         return data

monkey/monkey_island/cc/ui/src/components/report-components/AttackReport.js

@@ -64,10 +64,10 @@ class AttackReport extends React.Component {
         return 'collapse-warning';
       case ScanStatus.USED:
         return 'collapse-danger';
+      case ScanStatus.UNSCANNED:
+        return 'collapse-unscanned';
       case ScanStatus.DISABLED:
         return 'collapse-disabled';
-      default:
-        return 'collapse-default';
     }
   }
 

monkey/monkey_island/cc/ui/src/styles/components/Collapse.scss

@@ -3,7 +3,7 @@ $transition: 300ms cubic-bezier(0.6, 0.3, 0.3, 0.6);
 $danger-color: #ebbcba;
 $disabled-color: #b7c2ff;
 $info-color: #ade3eb;
-$default-color: #e0ddde;
+$unscanned-color: #e0ddde;
 $warning-color: #ffe28d;
 
 .collapse-item button {
@@ -51,8 +51,12 @@ $warning-color: #ffe28d;
   background-color: $info-color !important;
 }
 
-.collapse-default {
+.collapse-unscanned {
-  background-color: $default-color !important;
+  background-color: $unscanned-color !important;
+}
+
+.collapse-disabled {
+  background-color: $disabled-color !important;
 }
 
 .collapse-disabled {