Island: add an endpoint and service to get manual runs/exploitations

monkey/monkey_island/cc/app.py

@@ -24,6 +24,7 @@ from monkey_island.cc.resources.configuration_export import ConfigurationExport
 from monkey_island.cc.resources.configuration_import import ConfigurationImport
 from monkey_island.cc.resources.edge import Edge
 from monkey_island.cc.resources.environment import Environment
+from monkey_island.cc.resources.exploitations.manual_exploitation import ManualExploitation
 from monkey_island.cc.resources.island_configuration import IslandConfiguration
 from monkey_island.cc.resources.island_logs import IslandLog
 from monkey_island.cc.resources.island_mode import IslandMode
@@ -154,6 +155,7 @@ def init_api_resources(api):
     api.add_resource(ZeroTrustReport, "/api/report/zero-trust/<string:report_data>")
     api.add_resource(AttackReport, "/api/report/attack")
     api.add_resource(RansomwareReport, "/api/report/ransomware")
+    api.add_resource(ManualExploitation, "/api/exploitations/manual")
 
     api.add_resource(ZeroTrustFindingEvent, "/api/zero-trust/finding-event/<string:finding_id>")
     api.add_resource(TelemetryFeed, "/api/telemetry-feed", "/api/telemetry-feed/")

monkey/monkey_island/cc/resources/exploitations/manual_exploitation.py

@@ -0,0 +1,13 @@
+import flask_restful
+
+from monkey_island.cc.resources.auth.auth import jwt_required
+from monkey_island.cc.services.exploitations.manual_exploitation import get_manual_exploitations
+
+
+class ManualExploitation(flask_restful.Resource):
+    @jwt_required
+    def get(self):
+        manual_exploitations = [
+            exploitation.__dict__ for exploitation in get_manual_exploitations()
+        ]
+        return {"manual_exploitations": manual_exploitations}

monkey/monkey_island/cc/services/exploitations/manual_exploitation.py

@@ -0,0 +1,31 @@
+from dataclasses import dataclass
+from typing import List
+
+from monkey_island.cc.database import mongo
+from monkey_island.cc.services.node import NodeService
+
+
+@dataclass
+class ManualExploitation:
+    hostname: str
+    ip_addresses: List[str]
+    start_time: str
+
+
+def get_manual_exploitations() -> List[ManualExploitation]:
+    monkeys = get_manual_monkeys()
+    return [monkey_to_manual_exploitation(monkey) for monkey in monkeys]
+
+
+def get_manual_monkeys():
+    return [
+        monkey for monkey in mongo.db.monkey.find({}) if NodeService.get_monkey_manual_run(monkey)
+    ]
+
+
+def monkey_to_manual_exploitation(monkey: dict) -> ManualExploitation:
+    return ManualExploitation(
+        hostname=monkey["hostname"],
+        ip_addresses=monkey["ip_addresses"],
+        start_time=monkey["launch_time"],
+    )

monkey/monkey_island/cc/services/reporting/report.py

@@ -21,6 +21,7 @@ from monkey_island.cc.services.config import ConfigService
 from monkey_island.cc.services.configuration.utils import (
     get_config_network_segments_as_subnet_groups,
 )
+from monkey_island.cc.services.exploitations.manual_exploitation import get_manual_monkeys
 from monkey_island.cc.services.node import NodeService
 from monkey_island.cc.services.reporting.issue_processing.exploit_processing.exploiter_descriptor_enum import (  # noqa: E501
     ExploiterDescriptorEnum,
@@ -553,12 +554,8 @@ class ReportService:
             return None
 
     @staticmethod
-    def get_manual_monkeys():
+    def get_manual_monkey_hostnames():
-        return [
+        return [monkey["hostname"] for monkey in get_manual_monkeys()]
-            monkey["hostname"]
-            for monkey in mongo.db.monkey.find({}, {"hostname": 1, "parent": 1, "guid": 1})
-            if NodeService.get_monkey_manual_run(monkey)
-        ]
 
     @staticmethod
     def get_config_users():
@@ -654,7 +651,7 @@ class ReportService:
         exploited_nodes = ReportService.get_exploited()
         report = {
             "overview": {
-                "manual_monkeys": ReportService.get_manual_monkeys(),
+                "manual_monkeys": ReportService.get_manual_monkey_hostnames(),
                 "config_users": config_users,
                 "config_passwords": config_passwords,
                 "config_exploits": ReportService.get_config_exploits(),