Renamed all zero trust tests to zero trust checks in the back-end. This improves readability because it differentiates unit-test code from production code.
This commit is contained in:
parent
3490be1d8f
commit
4e1e9907b1
|
@ -9,8 +9,8 @@ from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||||
get_edge_by_scan_or_exploit_telemetry
|
get_edge_by_scan_or_exploit_telemetry
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.machine_exploited import \
|
||||||
test_machine_exploited
|
check_machine_exploited
|
||||||
|
|
||||||
|
|
||||||
def process_exploit_telemetry(telemetry_json):
|
def process_exploit_telemetry(telemetry_json):
|
||||||
|
@ -19,7 +19,7 @@ def process_exploit_telemetry(telemetry_json):
|
||||||
update_network_with_exploit(edge, telemetry_json)
|
update_network_with_exploit(edge, telemetry_json)
|
||||||
update_node_credentials_from_successful_attempts(edge, telemetry_json)
|
update_node_credentials_from_successful_attempts(edge, telemetry_json)
|
||||||
|
|
||||||
test_machine_exploited(
|
check_machine_exploited(
|
||||||
current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']),
|
current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']),
|
||||||
exploit_successful=telemetry_json['data']['result'],
|
exploit_successful=telemetry_json['data']['result'],
|
||||||
exploiter=telemetry_json['data']['exploiter'],
|
exploiter=telemetry_json['data']['exploiter'],
|
||||||
|
|
|
@ -3,8 +3,8 @@ import copy
|
||||||
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||||
from monkey_island.cc.database import mongo
|
from monkey_island.cc.database import mongo
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.communicate_as_new_user import \
|
||||||
test_new_user_communication
|
check_new_user_communication
|
||||||
|
|
||||||
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
|
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ def process_communicate_as_new_user_telemetry(telemetry_json):
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||||
message = telemetry_json['data']['result'][0]
|
message = telemetry_json['data']['result'][0]
|
||||||
success = telemetry_json['data']['result'][1]
|
success = telemetry_json['data']['result'][1]
|
||||||
test_new_user_communication(current_monkey, success, message)
|
check_new_user_communication(current_monkey, success, message)
|
||||||
|
|
||||||
|
|
||||||
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
||||||
|
|
|
@ -4,19 +4,19 @@ from monkey_island.cc.services.edge.edge import EdgeService
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||||
get_edge_by_scan_or_exploit_telemetry
|
get_edge_by_scan_or_exploit_telemetry
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.data_endpoints import \
|
||||||
test_open_data_endpoints
|
check_open_data_endpoints
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||||
test_segmentation_violation
|
check_segmentation_violation
|
||||||
|
|
||||||
|
|
||||||
def process_scan_telemetry(telemetry_json):
|
def process_scan_telemetry(telemetry_json):
|
||||||
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
|
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
|
||||||
test_open_data_endpoints(telemetry_json)
|
check_open_data_endpoints(telemetry_json)
|
||||||
|
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||||
target_ip = telemetry_json['data']['machine']['ip_addr']
|
target_ip = telemetry_json['data']['machine']['ip_addr']
|
||||||
test_segmentation_violation(current_monkey, target_ip)
|
check_segmentation_violation(current_monkey, target_ip)
|
||||||
|
|
||||||
|
|
||||||
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
||||||
|
|
|
@ -2,8 +2,8 @@ import logging
|
||||||
|
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||||
test_passed_findings_for_unreached_segments
|
check_passed_findings_for_unreached_segments
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -18,7 +18,7 @@ def process_state_telemetry(telemetry_json):
|
||||||
|
|
||||||
if telemetry_json['data']['done']:
|
if telemetry_json['data']['done']:
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||||
test_passed_findings_for_unreached_segments(current_monkey)
|
check_passed_findings_for_unreached_segments(current_monkey)
|
||||||
|
|
||||||
if telemetry_json['data']['version']:
|
if telemetry_json['data']['version']:
|
||||||
logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}")
|
logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}")
|
||||||
|
|
|
@ -14,8 +14,8 @@ from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostn
|
||||||
process_hostname_telemetry
|
process_hostname_telemetry
|
||||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \
|
from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \
|
||||||
process_scout_suite_telemetry
|
process_scout_suite_telemetry
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import \
|
||||||
test_antivirus_existence
|
check_antivirus_existence
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
|
||||||
AWS_COLLECTOR: [process_aws_telemetry],
|
AWS_COLLECTOR: [process_aws_telemetry],
|
||||||
ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
|
ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
|
||||||
HOSTNAME_COLLECTOR: [process_hostname_telemetry],
|
HOSTNAME_COLLECTOR: [process_hostname_telemetry],
|
||||||
PROCESS_LIST_COLLECTOR: [test_antivirus_existence],
|
PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
|
||||||
SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
|
SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
from monkey_island.cc.services.node import NodeService
|
from monkey_island.cc.services.node import NodeService
|
||||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||||
get_tunnel_host_ip_from_proxy_field
|
get_tunnel_host_ip_from_proxy_field
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import \
|
||||||
test_tunneling_violation
|
check_tunneling_violation
|
||||||
|
|
||||||
|
|
||||||
def process_tunnel_telemetry(telemetry_json):
|
def process_tunnel_telemetry(telemetry_json):
|
||||||
test_tunneling_violation(telemetry_json)
|
check_tunneling_violation(telemetry_json)
|
||||||
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"]
|
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"]
|
||||||
if telemetry_json['data']['proxy'] is not None:
|
if telemetry_json['data']['proxy'] is not None:
|
||||||
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)
|
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)
|
||||||
|
|
|
@ -2,14 +2,13 @@ import json
|
||||||
|
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
|
||||||
AggregateFinding
|
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.known_anti_viruses import \
|
||||||
ANTI_VIRUS_KNOWN_PROCESS_NAMES
|
ANTI_VIRUS_KNOWN_PROCESS_NAMES
|
||||||
|
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||||
|
|
||||||
|
|
||||||
def test_antivirus_existence(process_list_json, monkey_guid):
|
def check_antivirus_existence(process_list_json, monkey_guid):
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
|
current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
|
||||||
|
|
||||||
process_list_event = Event.create_event(
|
process_list_event = Event.create_event(
|
||||||
|
@ -32,7 +31,7 @@ def test_antivirus_existence(process_list_json, monkey_guid):
|
||||||
test_status = zero_trust_consts.STATUS_PASSED
|
test_status = zero_trust_consts.STATUS_PASSED
|
||||||
else:
|
else:
|
||||||
test_status = zero_trust_consts.STATUS_FAILED
|
test_status = zero_trust_consts.STATUS_FAILED
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events
|
test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events
|
||||||
)
|
)
|
||||||
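Review bot: The replacement of `AggregateFinding.create_or_add_to_existing(` with `MonkeyFindingService.create_or_add_to_existing(` changes the call target rather than just a name, while the commit title only describes the tests-to-checks rename; the same substitution appears in the communicate_as_new_user, data_endpoints, machine_exploited and tunneling hunks, and the latter three also move `add_malicious_activity_to_timeline` onto the service. The `test=`, `status=` and `events=` keywords are kept exactly as they were, which presumably relies on the service method having the same signature as the model method it replaces; none of the visible hunks touches a unit test covering these call sites, so that is worth confirming. A sentence in the commit message naming the move to MonkeyFindingService would make the history easier to follow. `check_antivirus_existence` starts outside this hunk.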
|
|
|
@ -1,6 +1,5 @@
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||||
AggregateFinding
|
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
|
|
||||||
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
|
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
|
||||||
|
@ -8,8 +7,8 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
|
||||||
"New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}"
|
"New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}"
|
||||||
|
|
||||||
|
|
||||||
def test_new_user_communication(current_monkey, success, message):
|
def check_new_user_communication(current_monkey, success, message):
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
|
test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
|
||||||
# If the monkey succeeded to create a user, then the test failed.
|
# If the monkey succeeded to create a user, then the test failed.
|
||||||
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,
|
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,
|
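Review bot: The comment `# If the monkey succeeded to create a user, then the test failed.` reads as if user creation alone fails the check, but `status` is driven by `success`, which the format strings above tie to the new user communicating with the internet rather than to being created. If `success` indeed carries the communication result, a more accurate comment would be `# If the new user managed to communicate, the zero-trust test failed; status is the inverse of success.` In the first hunk of this file the new `MonkeyFindingService` import takes the slot of the removed `aggregate_finding` import and so lands above `from monkey_island.cc.models.zero_trust.event import Event`, whereas the data_endpoints, machine_exploited and tunneling hunks append it after the `Event` import; moving it below keeps the ordering consistent. The call's remaining arguments continue past the end of this hunk.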
|
@ -3,14 +3,13 @@ import json
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
from common.common_consts.network_consts import ES_SERVICE
|
from common.common_consts.network_consts import ES_SERVICE
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
|
||||||
AggregateFinding, add_malicious_activity_to_timeline)
|
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
|
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||||
|
|
||||||
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
|
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
|
||||||
|
|
||||||
|
|
||||||
def test_open_data_endpoints(telemetry_json):
|
def check_open_data_endpoints(telemetry_json):
|
||||||
services = telemetry_json["data"]["machine"]["services"]
|
services = telemetry_json["data"]["machine"]["services"]
|
||||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||||
found_http_server_status = zero_trust_consts.STATUS_PASSED
|
found_http_server_status = zero_trust_consts.STATUS_PASSED
|
||||||
|
@ -56,16 +55,16 @@ def test_open_data_endpoints(telemetry_json):
|
||||||
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
|
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
|
||||||
))
|
))
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
|
test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
|
||||||
status=found_http_server_status,
|
status=found_http_server_status,
|
||||||
events=events
|
events=events
|
||||||
)
|
)
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
|
test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
|
||||||
status=found_elastic_search_server,
|
status=found_elastic_search_server,
|
||||||
events=events
|
events=events
|
||||||
)
|
)
|
||||||
|
|
||||||
add_malicious_activity_to_timeline(events)
|
MonkeyFindingService.add_malicious_activity_to_timeline(events)
|
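Review bot: Both `MonkeyFindingService.create_or_add_to_existing(` calls in this hunk pass the same `events` list, once with `test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP` and once with `test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC`, so if `events` accumulates events for both services (its construction is above this hunk) each finding is stored with the other service's events attached as well. This predates the commit, but since the call sites are being rewritten here it is a cheap moment to either split the list per test or add a comment stating that sharing the list is intentional. `check_open_data_endpoints` begins outside the hunk.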
|
@ -1,10 +1,9 @@
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
|
||||||
AggregateFinding, add_malicious_activity_to_timeline)
|
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
|
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||||
|
|
||||||
|
|
||||||
def test_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
|
def check_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
|
||||||
events = [
|
events = [
|
||||||
Event.create_event(
|
Event.create_event(
|
||||||
title="Exploit attempt",
|
title="Exploit attempt",
|
||||||
|
@ -30,10 +29,10 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
|
||||||
)
|
)
|
||||||
status = zero_trust_consts.STATUS_FAILED
|
status = zero_trust_consts.STATUS_FAILED
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_MACHINE_EXPLOITED,
|
test=zero_trust_consts.TEST_MACHINE_EXPLOITED,
|
||||||
status=status,
|
status=status,
|
||||||
events=events
|
events=events
|
||||||
)
|
)
|
||||||
|
|
||||||
add_malicious_activity_to_timeline(events)
|
MonkeyFindingService.add_malicious_activity_to_timeline(events)
|
|
@ -19,7 +19,7 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = \
|
||||||
"managed to communicate cross segment to {target_ip} (in segment {target_seg})."
|
"managed to communicate cross segment to {target_ip} (in segment {target_seg})."
|
||||||
|
|
||||||
|
|
||||||
def test_segmentation_violation(current_monkey, target_ip):
|
def check_segmentation_violation(current_monkey, target_ip):
|
||||||
# TODO - lower code duplication between this and report.py.
|
# TODO - lower code duplication between this and report.py.
|
||||||
subnet_groups = get_config_network_segments_as_subnet_groups()
|
subnet_groups = get_config_network_segments_as_subnet_groups()
|
||||||
for subnet_group in subnet_groups:
|
for subnet_group in subnet_groups:
|
||||||
|
@ -73,7 +73,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def test_passed_findings_for_unreached_segments(current_monkey):
|
def check_passed_findings_for_unreached_segments(current_monkey):
|
||||||
flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist]
|
flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist]
|
||||||
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
|
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
|
||||||
|
|
|
@ -6,7 +6,7 @@ from monkey_island.cc.models.zero_trust.event import Event
|
||||||
from monkey_island.cc.models.zero_trust.finding import Finding
|
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||||
from monkey_island.cc.models.zero_trust.segmentation_finding import \
|
from monkey_island.cc.models.zero_trust.segmentation_finding import \
|
||||||
SegmentationFinding
|
SegmentationFinding
|
||||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||||
create_or_add_findings_for_all_pairs
|
create_or_add_findings_for_all_pairs
|
||||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ SECOND_SUBNET = "2.2.2.0/24"
|
||||||
THIRD_SUBNET = "3.3.3.3-3.3.3.200"
|
THIRD_SUBNET = "3.3.3.3-3.3.3.200"
|
||||||
|
|
||||||
|
|
||||||
class TestSegmentationTests(IslandTestCase):
|
class TestSegmentationChecks(IslandTestCase):
|
||||||
def test_create_findings_for_all_done_pairs(self):
|
def test_create_findings_for_all_done_pairs(self):
|
||||||
self.fail_if_not_testing_env()
|
self.fail_if_not_testing_env()
|
||||||
self.clean_finding_db()
|
self.clean_finding_db()
|
|
@ -1,13 +1,12 @@
|
||||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||||
from monkey_island.cc.models import Monkey
|
from monkey_island.cc.models import Monkey
|
||||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
|
||||||
AggregateFinding, add_malicious_activity_to_timeline)
|
|
||||||
from monkey_island.cc.models.zero_trust.event import Event
|
from monkey_island.cc.models.zero_trust.event import Event
|
||||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||||
get_tunnel_host_ip_from_proxy_field
|
get_tunnel_host_ip_from_proxy_field
|
||||||
|
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||||
|
|
||||||
|
|
||||||
def test_tunneling_violation(tunnel_telemetry_json):
|
def check_tunneling_violation(tunnel_telemetry_json):
|
||||||
if tunnel_telemetry_json['data']['proxy'] is not None:
|
if tunnel_telemetry_json['data']['proxy'] is not None:
|
||||||
# Monkey is tunneling, create findings
|
# Monkey is tunneling, create findings
|
||||||
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
|
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
|
||||||
|
@ -20,10 +19,10 @@ def test_tunneling_violation(tunnel_telemetry_json):
|
||||||
timestamp=tunnel_telemetry_json['timestamp']
|
timestamp=tunnel_telemetry_json['timestamp']
|
||||||
)]
|
)]
|
||||||
|
|
||||||
AggregateFinding.create_or_add_to_existing(
|
MonkeyFindingService.create_or_add_to_existing(
|
||||||
test=zero_trust_consts.TEST_TUNNELING,
|
test=zero_trust_consts.TEST_TUNNELING,
|
||||||
status=zero_trust_consts.STATUS_FAILED,
|
status=zero_trust_consts.STATUS_FAILED,
|
||||||
events=tunneling_events
|
events=tunneling_events
|
||||||
)
|
)
|
||||||
|
|
||||||
add_malicious_activity_to_timeline(tunneling_events)
|
MonkeyFindingService.add_malicious_activity_to_timeline(tunneling_events)
|