Island: change T1016 to format results from Monkey document

Previously T1016 pulled results from system info telemetries, but system info telemetries are deprecated and network information is stored on monkey documents
This commit is contained in:
vakarisz 2022-03-01 14:34:43 +02:00
parent 1c602a3315
commit 3734cb007e
1 changed files with 15 additions and 27 deletions

View File

@ -1,5 +1,5 @@
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from monkey_island.cc.database import mongo from monkey_island.cc.models import Monkey
from monkey_island.cc.services.attack.technique_reports import AttackTechnique from monkey_island.cc.services.attack.technique_reports import AttackTechnique
@ -10,35 +10,12 @@ class T1016(AttackTechnique):
scanned_msg = "" scanned_msg = ""
used_msg = "Monkey gathered network configurations on systems in the network." used_msg = "Monkey gathered network configurations on systems in the network."
query = [
{"$match": {"telem_category": "system_info", "data.network_info": {"$exists": True}}},
{
"$project": {
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
"networks": "$data.network_info.networks",
}
},
{
"$addFields": {
"_id": 0,
"networks": 0,
"info": [
{
"used": {
"$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}]
},
"name": {"$literal": "Network interface info"},
},
],
}
},
]
@staticmethod @staticmethod
def get_report_data(): def get_report_data():
def get_technique_status_and_data(): def get_technique_status_and_data():
network_info = list(mongo.db.telemetry.aggregate(T1016.query)) network_info = T1016._get_network_info()
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value used_info = [entry for entry in network_info if entry["info"][0]["used"]]
status = ScanStatus.USED.value if used_info else ScanStatus.UNSCANNED.value
return (status, network_info) return (status, network_info)
status, network_info = get_technique_status_and_data() status, network_info = get_technique_status_and_data()
@ -46,3 +23,14 @@ class T1016(AttackTechnique):
data = T1016.get_base_data_by_status(status) data = T1016.get_base_data_by_status(status)
data.update({"network_info": network_info}) data.update({"network_info": network_info})
return data return data
@staticmethod
def _get_network_info():
network_info = []
for monkey in Monkey.objects():
entry = {"machine": {"hostname": monkey.hostname, "ips": monkey.ip_addresses}}
info = [{"used": bool(monkey.networks), "name": "Network interface info"}]
entry["info"] = info
network_info.append(entry)
return network_info