Island: Change config schema for process list collection

2022-02-11 22:36:37 +05:30 · 2022-02-11 22:36:37 +05:30 · a8059f021a
parent 4839f099a4
commit a8059f021a
4 changed files with 10 additions and 15 deletions
--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py
@ -94,5 +94,13 @@ POST_BREACH_ACTIONS = {
            "info": "Attempts to clear the command history.",
            "attack_techniques": ["T1146"],
        },
+        {
+            "type": "string",
+            "enum": ["ProcessListCollection"],
+            "title": "Process List Collector",
+            "safe": True,
+            "info": "Collects a list of running processes on the machine.",
+            "attack_techniques": ["T1082"],
+        },
    ],
 }
--- a/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
+++ b/monkey/monkey_island/cc/services/config_schema/definitions/system_info_collector_classes.py
@ -1,6 +1,5 @@
 from common.common_consts.system_info_collectors_names import (
    MIMIKATZ_COLLECTOR,
-    PROCESS_LIST_COLLECTOR,
 )

 SYSTEM_INFO_COLLECTOR_CLASSES = {
@ -16,13 +15,5 @@ SYSTEM_INFO_COLLECTOR_CLASSES = {
            "info": "Collects credentials from Windows credential manager.",
            "attack_techniques": ["T1003", "T1005"],
        },
-        {
-            "type": "string",
-            "enum": [PROCESS_LIST_COLLECTOR],
-            "title": "Process List Collector",
-            "safe": True,
-            "info": "Collects a list of running processes on the machine.",
-            "attack_techniques": ["T1082"],
-        },
    ],
 }
--- a/monkey/monkey_island/cc/services/config_schema/monkey.py
+++ b/monkey/monkey_island/cc/services/config_schema/monkey.py
@ -1,6 +1,5 @@
 from common.common_consts.system_info_collectors_names import (
    MIMIKATZ_COLLECTOR,
-    PROCESS_LIST_COLLECTOR,
 )

 MONKEY = {
@ -71,6 +70,7 @@ MONKEY = {
                        "ScheduleJobs",
                        "Timestomping",
                        "AccountDiscovery",
+                        "ProcessListCollection",
                    ],
                },
            },
@ -85,7 +85,6 @@ MONKEY = {
                    "uniqueItems": True,
                    "items": {"$ref": "#/definitions/system_info_collector_classes"},
                    "default": [
-                        PROCESS_LIST_COLLECTOR,
                        MIMIKATZ_COLLECTOR,
                    ],
                },
--- a/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py
@ -1,16 +1,13 @@
 import logging
 import typing

-from common.common_consts.system_info_collectors_names import PROCESS_LIST_COLLECTOR
 from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import (
    check_antivirus_existence,
 )

 logger = logging.getLogger(__name__)

-SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
-    PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
-}
+SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {}


 class SystemInfoTelemetryDispatcher(object):