Ilija Lazoroski
c8aee645fa
Agent: Import attack technique tags from common in SSHCollector
2022-10-05 11:24:52 +02:00
Ilija Lazoroski
491612f9e8
Common: Add T1005 and T1145 attack technique tags
2022-10-05 11:21:28 +02:00
Ilija Lazoroski
0ed167fb48
Agent: Import attack technique tags from common in Zerologon
2022-10-05 11:13:39 +02:00
Ilija Lazoroski
e46bb8964d
Common: Add T1003 and T1098 attack technique tags
2022-10-05 11:11:18 +02:00
Mike Salvatore
fd8ea53e8b
Merge branch '2269-remove-find_monkeys_in_db' into develop
PR #2391
2022-10-04 18:21:00 -04:00
Mike Salvatore
bbbb1ac773
Island: Remove disused LogBlackboxEndpoint
2022-10-04 16:30:13 -04:00
Mike Salvatore
6ae7676322
BB: Pass generator instead of list comprehension to all()
This will allow a short-circuit.
2022-10-04 16:30:13 -04:00
Mike Salvatore
b713cce893
Island: Remove /api/test/monkey endpoint
2022-10-04 16:30:13 -04:00
Kekoa Kaaikala
2bea619786
BB: Removed unused method and endpoint
2022-10-04 16:30:13 -04:00
Kekoa Kaaikala
e0c9717da9
BB: Update test_compabitiblity to use new api
2022-10-04 16:30:13 -04:00
Kekoa Kaaikala
73fbc22e3d
BB: Remove find_monkeys_in_db
2022-10-04 16:30:13 -04:00
Mike Salvatore
a691a16625
Merge pull request #2393 from guardicore/2269-update-hostexploiter
2269 update hostexploiter
2022-10-04 15:34:08 -04:00
Mike Salvatore
3172433410
Agent: Swap order of _publish_{propagation,exploitation}_event()
Putting _publish_exploitation_event() first puts the methods in both
alphabetical and chronological order.
2022-10-04 15:20:14 -04:00
Mike Salvatore
8e6a098a2e
Project: Add HostExploiter methods to vulture_allowlist.py
2022-10-04 15:18:12 -04:00
Kekoa Kaaikala
a07eadce60
Common: Add T1570 attack technique
2022-10-04 18:00:41 +00:00
Kekoa Kaaikala
d1a8ce2082
Common: Add T1210 tag
2022-10-04 17:58:33 +00:00
Kekoa Kaaikala
6a100105be
Common: Order attack tags alphanumerically
2022-10-04 17:58:23 +00:00
Ilija Lazoroski
8b4af5c349
Common: Fix typo in attack tags
2022-10-04 17:57:57 +00:00
Ilija Lazoroski
dd35bebb3e
Common: Add T1203 attack technique tag
2022-10-04 17:57:16 +00:00
Ilija Lazoroski
bb11ea7857
Common: Add attack tags
2022-10-04 17:56:49 +00:00
Kekoa Kaaikala
ee77eddaab
Agent: Fix tuple type hint
2022-10-04 17:50:39 +00:00
Kekoa Kaaikala
116ae90f3d
UT: Remove host exploiter tests
2022-10-04 17:45:30 +00:00
Kekoa Kaaikala
b94002a984
Agent: Make publish methods private
2022-10-04 17:44:37 +00:00
Ilija Lazoroski
8e161f0fd9
Agent: Accept tuple as tags to HostExploiter publish events methods
2022-10-04 17:36:27 +00:00
Ilija Lazoroski
95b3556cd0
Agent: Exploiter name when publishing events to be __class__.__name__
2022-10-04 17:36:05 +00:00
Kekoa Kaaikala
a79d40b42e
UT: Fix powershell tests
2022-10-04 17:35:33 +00:00
Kekoa Kaaikala
3e86766aaf
Agent: Use default value for exploiter name
2022-10-04 17:35:05 +00:00
Ilija Lazoroski
0b72e4ef9a
Agent: Add publish methods to HostExploiter
2022-10-04 17:34:41 +00:00
Ilija Lazoroski
bf4fecf464
Agent: Rename event_queue to agent_event_queue in HostExploiter
2022-10-04 17:34:31 +00:00
Mike Salvatore
4ace93e417
Merge branch 'consolidate-agent-event-handlers' into develop
PR #2390
2022-10-03 15:19:16 -04:00
Mike Salvatore
adee0b4063
Agent: Move add_credentials_from_event to agent_event_handlers package
2022-10-03 14:47:03 -04:00
Mike Salvatore
37b884a5b8
Agent: Move agent_event_forwarder.py to agent_event_handlers package
2022-10-03 14:47:03 -04:00
Mike Salvatore
a3ce870b64
Merge pull request #2389 from guardicore/2269-notify-relay-on-propagation
2269 notify relay on propagation
2022-10-03 14:46:14 -04:00
Mike Salvatore
399fedfba5
UT: Rename test_relay_not_notified_if_none
2022-10-03 14:45:44 -04:00
Kekoa Kaaikala
57b4ec4117
BB: Refactor agent communication check
Updated CommunicationAnalyzer to use the /api/agents and /api/machines
endpoints to determine whether or not an agent communicated back to the
island.
Resolves PR #2388
2022-10-03 14:28:22 -04:00
Mike Salvatore
a8383f4a79
Agent: Add docstrings to notify_relay_on_propagation
2022-10-03 13:25:30 -04:00
Mike Salvatore
d3ff56138f
Agent: Remove disused ExploitInterceptingTelemetryMessenger
2022-10-03 13:15:55 -04:00
Mike Salvatore
2ad972548b
Agent: Remove ExploitInterceptingTelemetryMessenger decoration
2022-10-03 13:15:55 -04:00
Mike Salvatore
fb7d62e318
Agent: Subscribe notify_relay_on_propagation to PropagationEvent events
2022-10-03 13:15:55 -04:00
Mike Salvatore
0466eb7239
Agent: Add notify_relay_on_propagation agent event handler
2022-10-03 13:15:55 -04:00
Mike Salvatore
368ddde20f
Common: Register serializers for {Exploitation,Propagation}Event
2022-10-03 13:15:12 -04:00
Mike Salvatore
eb16969a56
Merge branch '2362-bb-get-agent-logs' into develop
PR #2384
2022-10-03 10:41:30 -04:00
Mike Salvatore
a8627aed48
Merge branch '2269-exploitation-event' into develop
PR #2387
2022-10-03 10:36:25 -04:00
Mike Salvatore
07839a46ae
Merge pull request #2385 from guardicore/2269-propagation-event
Define Propagation Event
2022-10-03 10:34:33 -04:00
Ilija Lazoroski
779fc63edc
Common: Add param docstring in TCPScanEvent
2022-10-03 16:26:55 +02:00
Ilija Lazoroski
d1af356e19
UT: Add tests for PropagationEvent
2022-10-03 16:25:47 +02:00
Ilija Lazoroski
3389915399
Common: Add PropagationEvent to agent_events
2022-10-03 16:25:45 +02:00
Ilija Lazoroski
fa2ac64b16
UT: Add ExploitationEvent tests
2022-10-03 16:24:09 +02:00
Ilija Lazoroski
a7872d69cf
Common: Add ExploitationEvent to agent_events
2022-10-03 16:24:07 +02:00
Mike Salvatore
82c81c2a4b
Common: Move JSONSerializable to common.types
2022-10-03 10:19:16 -04:00