p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

island: Add telem category to data for T1086 reporting

This commit is contained in:
Shreya Malviya 2021-10-11 15:22:33 +05:30
parent 2b789fca90
commit d82f61d524
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
View File

@ -17,10 +17,11 @@ class T1086(AttackTechnique):
"data.info.executed_cmds": {"$elemMatch": {"powershell": True}}, "data.info.executed_cmds": {"$elemMatch": {"powershell": True}},
} }
}, },
{"$project": {"machine": "$data.machine", "info": "$data.info"}}, {"$project": {"telem_category": 1, "machine": "$data.machine", "info": "$data.info"}},
{ {
"$project": { "$project": {
"_id": 0, "_id": 0,
"telem_category": 1,
"machine": 1, "machine": 1,
"info.finished": 1, "info.finished": 1,
"info.executed_cmds": { "info.executed_cmds": {
@ -45,6 +46,7 @@ class T1086(AttackTechnique):
{ {
"$project": { "$project": {
"_id": 0, "_id": 0,
"telem_category": 1,
"machine.hostname": "$data.hostname", "machine.hostname": "$data.hostname",
"machine.ips": "$data.ip", "machine.ips": "$data.ip",
"info": "$data.result", "info": "$data.result",
@ -56,7 +58,10 @@ class T1086(AttackTechnique):
def get_report_data(): def get_report_data():
@T1086.is_status_disabled @T1086.is_status_disabled
def get_technique_status_and_data(): def get_technique_status_and_data():
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query_for_exploits)) exploit_cmd_data = list(mongo.db.telemetry.aggregate(T1086.query_for_exploits))
pba_cmd_data = list(mongo.db.telemetry.aggregate(T1086.query_for_pbas))
cmd_data = exploit_cmd_data + pba_cmd_data
if cmd_data: if cmd_data:
status = ScanStatus.USED.value status = ScanStatus.USED.value
else: else: