From 3f2d5b1479b9845541e7ff6c4eeddb696da324ab Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Sun, 1 Sep 2019 12:08:58 +0300
Subject: [PATCH] Aggregate passed exploit attempts tests (which means failed exploiting)
---
 .../zero_trust_tests/machine_exploited.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
index d6416c0ef..1afe8bfe1 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
@@ -34,11 +34,19 @@ def test_machine_exploited(telemetry_json):
 )
 status = STATUS_FAILED
- Finding.save_finding(
- test=TEST_MACHINE_EXPLOITED,
- status=status,
- events=events
- )
+ # aggregate only passed tests (which means exploit failed). Each successful exploit gets its own finding.
+ if status == STATUS_FAILED:
+ Finding.save_finding(
+ test=TEST_MACHINE_EXPLOITED,
+ status=status,
+ events=events
+ )
+ else:
+ AggregateFinding.create_or_add_to_existing(
+ test=TEST_MACHINE_EXPLOITED,
+ status=status,
+ events=events
+ )
 AggregateFinding.create_or_add_to_existing(
 test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
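Review bot: The bare `else:` sends every status other than `STATUS_FAILED` to `AggregateFinding.create_or_add_to_existing`, while the comment above it says only passed tests are aggregated; the assignment that gives `status` its initial value is outside the hunk, so whether it can ever be something other than a pass cannot be checked here. The two branches also repeat the same three keyword arguments, so choosing the saver once, `save = Finding.save_finding if status == STATUS_FAILED else AggregateFinding.create_or_add_to_existing` followed by `save(test=TEST_MACHINE_EXPLOITED, status=status, events=events)`, would keep the per-exploit and aggregated records from drifting apart. The comment mixes "passed test" and "failed exploit" in one clause and would read more clearly as `# A successful exploit (STATUS_FAILED) is saved as its own finding; failed exploit attempts (test passed) are merged into one aggregate finding.` The function starts before the hunk and continues past its last line.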