Island: change T1016 to format results from Monkey document
Previously T1016 pulled results from system info telemetries, but system info telemetries are deprecated and network information is stored on monkey documents
This commit is contained in:
parent
1c602a3315
commit
3734cb007e
|
@ -1,5 +1,5 @@
|
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
from monkey_island.cc.database import mongo
|
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
from monkey_island.cc.services.attack.technique_reports import AttackTechnique
|
|
|
|
|
|
@ -10,35 +10,12 @@ class T1016(AttackTechnique):
|
scanned_msg = ""
|
scanned_msg = ""
|
used_msg = "Monkey gathered network configurations on systems in the network."
|
used_msg = "Monkey gathered network configurations on systems in the network."
|
|
|
query = [
|
|
{"$match": {"telem_category": "system_info", "data.network_info": {"$exists": True}}},
|
|
{
|
|
"$project": {
|
|
"machine": {"hostname": "$data.hostname", "ips": "$data.network_info.networks"},
|
|
"networks": "$data.network_info.networks",
|
|
}
|
|
},
|
|
{
|
|
"$addFields": {
|
|
"_id": 0,
|
|
"networks": 0,
|
|
"info": [
|
|
{
|
|
"used": {
|
|
"$and": [{"$ifNull": ["$networks", False]}, {"$gt": ["$networks", {}]}]
|
|
},
|
|
"name": {"$literal": "Network interface info"},
|
|
},
|
|
],
|
|
}
|
|
},
|
|
]
|
|
|
|
@staticmethod
|
@staticmethod
|
def get_report_data():
|
def get_report_data():
|
def get_technique_status_and_data():
|
def get_technique_status_and_data():
|
network_info = list(mongo.db.telemetry.aggregate(T1016.query))
|
network_info = T1016._get_network_info()
|
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
|
used_info = [entry for entry in network_info if entry["info"][0]["used"]]
|
|
status = ScanStatus.USED.value if used_info else ScanStatus.UNSCANNED.value
|
return (status, network_info)
|
return (status, network_info)
|
|
|
status, network_info = get_technique_status_and_data()
|
status, network_info = get_technique_status_and_data()
|
|
@ -46,3 +23,14 @@ class T1016(AttackTechnique):
|
data = T1016.get_base_data_by_status(status)
|
data = T1016.get_base_data_by_status(status)
|
data.update({"network_info": network_info})
|
data.update({"network_info": network_info})
|
return data
|
return data
|
|
|
|
@staticmethod
|
|
def _get_network_info():
|
|
network_info = []
|
|
for monkey in Monkey.objects():
|
|
entry = {"machine": {"hostname": monkey.hostname, "ips": monkey.ip_addresses}}
|
|
info = [{"used": bool(monkey.networks), "name": "Network interface info"}]
|
|
entry["info"] = info
|
|
network_info.append(entry)
|
|
|
|
return network_info
|
|
|
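Review bot: `_get_network_info` has no docstring, and `get_technique_status_and_data` in the previous hunk now reads `entry["info"][0]["used"]` straight out of the entries this helper builds, so the entry shape is an implicit contract between the two that nothing documents. A docstring on the helper such as `"""Return one entry per Monkey document: {"machine": {"hostname", "ips"}, "info": [{"used": bool, "name": "Network interface info"}]}; "used" is True only when the monkey has networks."""` would pin that shape down where both readers look. Note also that the removed pipeline only matched telemetries where `data.network_info` existed, whereas the helper emits an entry for every Monkey document (with `used` False when `monkey.networks` is empty), so the report's `network_info` now lists machines that reported no network configuration; if that is intended, a one-line comment saying so would save the next reader from re-deriving it. The `hostname`, `ip_addresses` and `networks` attributes on the Monkey model are presumed from the hunk and should be confirmed against the model definition. `get_report_data` starts in the previous hunk and its body is split across both.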