island: Modify ATT&CK report messages to mention reasons

1. not run on relevant system
2. relevant config options were disabled
This commit is contained in:
Shreya Malviya 2021-09-23 16:39:05 +05:30
parent f730e75cc8
commit 2cc00205f1
2 changed files with 37 additions and 4 deletions

View File

@ -7,6 +7,9 @@ from common.utils.code_utils import abstractstatic
from monkey_island.cc.database import mongo from monkey_island.cc.database import mongo
from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations from monkey_island.cc.models.attack.attack_mitigations import AttackMitigations
from monkey_island.cc.services.attack.attack_config import AttackConfig from monkey_island.cc.services.attack.attack_config import AttackConfig
from monkey_island.cc.services.config_schema.config_schema_per_attack_technique import (
CONFIG_SCHEMA_PER_ATTACK_TECHNIQUE,
)
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -115,16 +118,43 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
if status == ScanStatus.DISABLED.value: if status == ScanStatus.DISABLED.value:
return disabled_msg return disabled_msg
if status == ScanStatus.UNSCANNED.value: if status == ScanStatus.UNSCANNED.value:
unscanned_msg = AttackTechnique._get_unscanned_msg_with_reasons(cls.unscanned_msg) unscanned_msg = cls._get_unscanned_msg_with_reasons(cls.unscanned_msg)
return unscanned_msg return unscanned_msg
elif status == ScanStatus.SCANNED.value: elif status == ScanStatus.SCANNED.value:
return cls.scanned_msg return cls.scanned_msg
else: else:
return cls.used_msg return cls.used_msg
@staticmethod @classmethod
def _get_unscanned_msg_with_reasons(unscanned_msg): def _get_unscanned_msg_with_reasons(cls, unscanned_msg):
... reasons = []
if len(cls.relevant_systems) == 1:
reasons.append(f"- The Monkey did not run on any {cls.relevant_systems[0]} systems.")
if cls.tech_id in CONFIG_SCHEMA_PER_ATTACK_TECHNIQUE:
reasons.append(
"- The following configuration options were disabled:<br/>"
f"{cls._get_relevant_config_values()}"
)
if reasons:
unscanned_msg = (
unscanned_msg.strip(".")
+ " due to one of the following reasons:\n"
+ "\n".join(reasons)
)
return unscanned_msg
@classmethod
def _get_relevant_config_values(cls):
config_options = ""
for config_type in CONFIG_SCHEMA_PER_ATTACK_TECHNIQUE[cls.tech_id]:
config_options += (
f"- {config_type}"
f"{', '.join(CONFIG_SCHEMA_PER_ATTACK_TECHNIQUE[cls.tech_id][config_type])}<br/>"
)
return config_options
@classmethod @classmethod
def technique_title(cls): def technique_title(cls):

View File

@ -42,3 +42,6 @@ def _add_config_field_to_reverse_schema(
technique[definition_type] = [config_field] technique[definition_type] = [config_field]
else: else:
reverse_schema[attack_technique] = {definition_type: [config_field]} reverse_schema[attack_technique] = {definition_type: [config_field]}
CONFIG_SCHEMA_PER_ATTACK_TECHNIQUE = get_config_schema_per_attack_technique()