Refactored directives to recommendations
parent
32bc318c69
commit
bb1ee6ff14
|
@ -2,8 +2,8 @@
|
|||
This file contains all the static data relating to Zero Trust. It is mostly used in the zero trust report generation and
|
||||
in creating findings.
|
||||
|
||||
This file contains static mappings between zero trust components such as: pillars, directives, tests, statuses. Some of
|
||||
the mappings are computed when this module is loaded.
|
||||
This file contains static mappings between zero trust components such as: pillars, recommendations, tests, statuses.
|
||||
Some of the mappings are computed when this module is loaded.
|
||||
"""
|
||||
|
||||
AUTOMATION_ORCHESTRATION = u"Automation & Orchestration"
|
||||
|
@ -39,22 +39,22 @@ TESTS = (
|
|||
TEST_DATA_ENDPOINT_ELASTIC
|
||||
)
|
||||
|
||||
DIRECTIVE_DATA_TRANSIT = u"data_transit"
|
||||
DIRECTIVE_ENDPOINT_SECURITY = u"endpoint_security"
|
||||
DIRECTIVE_USER_BEHAVIOUR = u"user_behaviour"
|
||||
DIRECTIVE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
|
||||
DIRECTIVE_SEGMENTATION = u"segmentation"
|
||||
DIRECTIVES = {
|
||||
DIRECTIVE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
|
||||
DIRECTIVE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
|
||||
DIRECTIVE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
|
||||
DIRECTIVE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
|
||||
DIRECTIVE_DATA_TRANSIT: u"Secure data at transit by encrypting it."
|
||||
RECOMMENDATION_DATA_TRANSIT = u"data_transit"
|
||||
RECOMMENDATION_ENDPOINT_SECURITY = u"endpoint_security"
|
||||
RECOMMENDATION_USER_BEHAVIOUR = u"user_behaviour"
|
||||
RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
|
||||
RECOMMENDATION_SEGMENTATION = u"segmentation"
|
||||
RECOMMENDATIONS = {
|
||||
RECOMMENDATION_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
|
||||
RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
|
||||
RECOMMENDATION_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
|
||||
RECOMMENDATION_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
|
||||
RECOMMENDATION_DATA_TRANSIT: u"Secure data at transit by encrypting it."
|
||||
}
|
||||
|
||||
POSSIBLE_STATUSES_KEY = u"possible_statuses"
|
||||
PILLARS_KEY = u"pillars"
|
||||
DIRECTIVE_KEY = u"directive_key"
|
||||
RECOMMENDATION_KEY = u"recommendation_key"
|
||||
FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation"
|
||||
TEST_EXPLANATION_KEY = u"explanation"
|
||||
TESTS_MAP = {
|
||||
|
@ -64,7 +64,7 @@ TESTS_MAP = {
|
|||
STATUS_CONCLUSIVE: "Monkey performed cross-segment communication. Check firewall rules and logs.",
|
||||
STATUS_POSITIVE: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_SEGMENTATION,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_SEGMENTATION,
|
||||
PILLARS_KEY: [NETWORKS],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_POSITIVE, STATUS_CONCLUSIVE]
|
||||
},
|
||||
|
@ -73,7 +73,7 @@ TESTS_MAP = {
|
|||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_INCONCLUSIVE: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_ANALYZE_NETWORK_TRAFFIC,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC,
|
||||
PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
|
||||
},
|
||||
|
@ -83,7 +83,7 @@ TESTS_MAP = {
|
|||
STATUS_CONCLUSIVE: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
|
||||
STATUS_POSITIVE: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
|
||||
PILLARS_KEY: [DEVICES],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
|
||||
},
|
||||
|
@ -93,7 +93,7 @@ TESTS_MAP = {
|
|||
STATUS_CONCLUSIVE: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
|
||||
STATUS_POSITIVE: "Monkey didn't manage to exploit an endpoint."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
|
||||
PILLARS_KEY: [DEVICES],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_INCONCLUSIVE]
|
||||
},
|
||||
|
@ -102,7 +102,7 @@ TESTS_MAP = {
|
|||
FINDING_EXPLANATION_BY_STATUS_KEY: {
|
||||
STATUS_INCONCLUSIVE: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_USER_BEHAVIOUR,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_USER_BEHAVIOUR,
|
||||
PILLARS_KEY: [PEOPLE, NETWORKS],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
|
||||
},
|
||||
|
@ -112,7 +112,7 @@ TESTS_MAP = {
|
|||
STATUS_CONCLUSIVE: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
|
||||
STATUS_POSITIVE: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
|
||||
PILLARS_KEY: [DATA],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
|
||||
},
|
||||
|
@ -122,7 +122,7 @@ TESTS_MAP = {
|
|||
STATUS_CONCLUSIVE: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
|
||||
STATUS_POSITIVE: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
|
||||
},
|
||||
DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT,
|
||||
RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
|
||||
PILLARS_KEY: [DATA],
|
||||
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
|
||||
},
|
||||
|
@ -143,15 +143,15 @@ PILLARS_TO_TESTS = {
|
|||
AUTOMATION_ORCHESTRATION: []
|
||||
}
|
||||
|
||||
DIRECTIVES_TO_TESTS = {}
|
||||
RECOMMENDATIONS_TO_TESTS = {}
|
||||
|
||||
DIRECTIVES_TO_PILLARS = {}
|
||||
RECOMMENDATIONS_TO_PILLARS = {}
|
||||
|
||||
|
||||
def populate_mappings():
|
||||
populate_pillars_to_tests()
|
||||
populate_directives_to_tests()
|
||||
populate_directives_to_pillars()
|
||||
populate_recommendations_to_tests()
|
||||
populate_recommendations_to_pillars()
|
||||
|
||||
|
||||
def populate_pillars_to_tests():
|
||||
|
@ -161,17 +161,17 @@ def populate_pillars_to_tests():
|
|||
PILLARS_TO_TESTS[pillar].append(test)
|
||||
|
||||
|
||||
def populate_directives_to_tests():
|
||||
for single_directive in DIRECTIVES:
|
||||
DIRECTIVES_TO_TESTS[single_directive] = []
|
||||
def populate_recommendations_to_tests():
|
||||
for single_recommendation in RECOMMENDATIONS:
|
||||
RECOMMENDATIONS_TO_TESTS[single_recommendation] = []
|
||||
for test, test_info in TESTS_MAP.items():
|
||||
DIRECTIVES_TO_TESTS[test_info[DIRECTIVE_KEY]].append(test)
|
||||
RECOMMENDATIONS_TO_TESTS[test_info[RECOMMENDATION_KEY]].append(test)
|
||||
|
||||
|
||||
def populate_directives_to_pillars():
|
||||
for directive, directive_tests in DIRECTIVES_TO_TESTS.items():
|
||||
directive_pillars = set()
|
||||
for test in directive_tests:
|
||||
def populate_recommendations_to_pillars():
|
||||
for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
|
||||
recommendations_pillars = set()
|
||||
for test in recommendation_tests:
|
||||
for pillar in TESTS_MAP[test][PILLARS_KEY]:
|
||||
directive_pillars.add(pillar)
|
||||
DIRECTIVES_TO_PILLARS[directive] = directive_pillars
|
||||
recommendations_pillars.add(pillar)
|
||||
RECOMMENDATIONS_TO_PILLARS[recommendation] = recommendations_pillars
|
||||
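Review bot: `populate_recommendations_to_pillars` in the last hunk names its accumulator `recommendations_pillars` while the parallel loop variable is `recommendation_tests`; `recommendation_pillars = set()` keeps the singular-prefix convention the rest of the rename introduces. None of `populate_mappings`, `populate_recommendations_to_tests` or `populate_recommendations_to_pillars` has a docstring, and since they mutate module-level dicts, a one-liner such as `"""Fill RECOMMENDATIONS_TO_TESTS from TESTS_MAP; the module docstring says this runs at import time."""` would make the side effect explicit (the call site of `populate_mappings` is outside these hunks, so I am inferring it from the module docstring). In the `@ -39` hunk the new `RECOMMENDATION_DATA_TRANSIT` text reads `"Secure data at transit by encrypting it."`; `"Secure data in transit by encrypting it."` is the usual phrasing and matches the "data in transit" wording elsewhere in the report.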
|
|
|
@ -14,7 +14,7 @@ from monkey_island.cc.models.zero_trust.event import Event
|
|||
class Finding(Document):
|
||||
"""
|
||||
This model represents a Zero-Trust finding: A result of a test the monkey/island might perform to see if a
|
||||
specific directive of zero trust is upheld or broken.
|
||||
specific recommendation of zero trust is upheld or broken.
|
||||
|
||||
Findings might be
|
||||
Negative ❌
|
||||
|
|
|
@ -14,7 +14,7 @@ REPORT_TYPES = [SECURITY_REPORT_TYPE, ZERO_TRUST_REPORT_TYPE]
|
|||
|
||||
REPORT_DATA_PILLARS = "pillars"
|
||||
REPORT_DATA_FINDINGS = "findings"
|
||||
REPORT_DATA_DIRECTIVES_STATUS = "directives"
|
||||
REPORT_DATA_RECOMMENDATIONS_STATUS = "recommendations"
|
||||
|
||||
__author__ = ["itay.mizeretz", "shay.nehmad"]
|
||||
|
||||
|
@ -33,8 +33,8 @@ class Report(flask_restful.Resource):
|
|||
"grades": ZeroTrustService.get_pillars_grades()
|
||||
}
|
||||
)
|
||||
elif report_data == REPORT_DATA_DIRECTIVES_STATUS:
|
||||
return jsonify(ZeroTrustService.get_directives_status())
|
||||
elif report_data == REPORT_DATA_RECOMMENDATIONS_STATUS:
|
||||
return jsonify(ZeroTrustService.get_recommendations_status())
|
||||
elif report_data == REPORT_DATA_FINDINGS:
|
||||
return jsonify(ZeroTrustService.get_all_findings())
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{
|
||||
"server_config": "standard",
|
||||
"server_config": "testing",
|
||||
"deployment": "develop"
|
||||
}
|
||||
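Review bot: Switching `server_config` to `"testing"` is unrelated to the directive→recommendation rename in the commit message and looks like a local setting committed by accident. The test class in this same commit calls `self.fail_if_not_testing_env()`, which suggests the value was flipped to run the suite locally; committing it changes the default mode the island starts in for everyone who deploys from this tree. I'd restore `"server_config": "standard",` here and keep the testing switch out of the tracked config, unless the change is intended and called out separately.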
|
|
|
@ -98,7 +98,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
|
||||
self.assertEquals(result, expected)
|
||||
|
||||
def test_get_directives_status(self):
|
||||
def test_get_recommendations_status(self):
|
||||
self.fail_if_not_testing_env()
|
||||
self.clean_finding_db()
|
||||
|
||||
|
@ -108,7 +108,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
AUTOMATION_ORCHESTRATION: [],
|
||||
DATA: [
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_DATA_TRANSIT],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_DATA_TRANSIT],
|
||||
"status": STATUS_CONCLUSIVE,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -124,7 +124,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
],
|
||||
DEVICES: [
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_ENDPOINT_SECURITY],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ENDPOINT_SECURITY],
|
||||
"status": STATUS_CONCLUSIVE,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -140,7 +140,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
],
|
||||
NETWORKS: [
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_SEGMENTATION],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_SEGMENTATION],
|
||||
"status": STATUS_UNEXECUTED,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -150,7 +150,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
]
|
||||
},
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
|
||||
"status": STATUS_INCONCLUSIVE,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -160,7 +160,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
]
|
||||
},
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
|
||||
"status": STATUS_UNEXECUTED,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -172,7 +172,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
],
|
||||
PEOPLE: [
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
|
||||
"status": STATUS_INCONCLUSIVE,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -184,7 +184,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
],
|
||||
"Visibility & Analytics": [
|
||||
{
|
||||
"directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC],
|
||||
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
|
||||
"status": STATUS_UNEXECUTED,
|
||||
"tests": [
|
||||
{
|
||||
|
@ -197,7 +197,7 @@ class TestZeroTrustService(IslandTestCase):
|
|||
"Workloads": []
|
||||
}
|
||||
|
||||
self.assertEquals(ZeroTrustService.get_directives_status(), expected)
|
||||
self.assertEquals(ZeroTrustService.get_recommendations_status(), expected)
|
||||
|
||||
def test_get_pillars_to_statuses(self):
|
||||
self.fail_if_not_testing_env()
|
||||
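Review bot: The renamed assertion on the last hunk's new line uses `self.assertEquals`, a deprecated alias of `assertEqual` that newer unittest versions warn about; `self.assertEquals(result, expected)` earlier in the file has the same issue. I'd write `self.assertEqual(ZeroTrustService.get_recommendations_status(), expected)`. The `expected` literal spans several hunks and, from the visible pillar entries, appears to hard-code every recommendation and status, so any edit to the constants module will need a matching edit here; a short comment at the top of the literal saying so would help the next maintainer.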
|
|
|
@ -39,30 +39,30 @@ class ZeroTrustService(object):
|
|||
return pillar_grade
|
||||
|
||||
@staticmethod
|
||||
def get_directives_status():
|
||||
all_directive_statuses = {}
|
||||
def get_recommendations_status():
|
||||
all_recommendations_statuses = {}
|
||||
|
||||
# init with empty lists
|
||||
for pillar in PILLARS:
|
||||
all_directive_statuses[pillar] = []
|
||||
all_recommendations_statuses[pillar] = []
|
||||
|
||||
for directive, directive_tests in DIRECTIVES_TO_TESTS.items():
|
||||
for pillar in DIRECTIVES_TO_PILLARS[directive]:
|
||||
all_directive_statuses[pillar].append(
|
||||
for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
|
||||
for pillar in RECOMMENDATIONS_TO_PILLARS[recommendation]:
|
||||
all_recommendations_statuses[pillar].append(
|
||||
{
|
||||
"directive": DIRECTIVES[directive],
|
||||
"tests": ZeroTrustService.__get_tests_status(directive_tests),
|
||||
"status": ZeroTrustService.__get_directive_status(directive_tests)
|
||||
"recommendation": RECOMMENDATIONS[recommendation],
|
||||
"tests": ZeroTrustService.__get_tests_status(recommendation_tests),
|
||||
"status": ZeroTrustService.__get_recommendation_status(recommendation_tests)
|
||||
}
|
||||
)
|
||||
|
||||
return all_directive_statuses
|
||||
return all_recommendations_statuses
|
||||
|
||||
@staticmethod
|
||||
def __get_directive_status(directive_tests):
|
||||
def __get_recommendation_status(recommendation_tests):
|
||||
worst_status = STATUS_UNEXECUTED
|
||||
all_statuses = set()
|
||||
for test in directive_tests:
|
||||
for test in recommendation_tests:
|
||||
all_statuses |= set(Finding.objects(test=test).distinct("status"))
|
||||
|
||||
for status in all_statuses:
|
||||
|
@ -72,9 +72,9 @@ class ZeroTrustService(object):
|
|||
return worst_status
|
||||
|
||||
@staticmethod
|
||||
def __get_tests_status(directive_tests):
|
||||
def __get_tests_status(recommendation_tests):
|
||||
results = []
|
||||
for test in directive_tests:
|
||||
for test in recommendation_tests:
|
||||
test_findings = Finding.objects(test=test)
|
||||
results.append(
|
||||
{
|
||||
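Review bot: `get_recommendations_status` is the public entry point the REST resource serialises to JSON, yet neither it nor the renamed private helpers carry a docstring describing the returned structure. I'd add a docstring stating that it returns a dict keyed by pillar whose values are lists of `{"recommendation", "tests", "status"}` entries, one per recommendation mapped to that pillar, which is what the visible body builds. `__get_recommendation_status` and `__get_tests_status` each call `Finding.objects(test=test)` for every test of a recommendation, so the findings for each test are fetched twice per report request; if this matters, the findings could be fetched once per test and handed to both helpers. The double-underscore helpers are name-mangled, so `ZeroTrustService.__get_tests_status(...)` resolves only inside the class body, which is the case here but is worth a comment.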
|
|
|
@ -68,7 +68,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
|
|||
} else {
|
||||
content = <div id="MainContentSection">
|
||||
{this.generateOverviewSection()}
|
||||
{this.generateDirectivesSection()}
|
||||
{this.generateRecommendationsSection()}
|
||||
{this.generateFindingsSection()}
|
||||
</div>;
|
||||
}
|
||||
|
@ -102,7 +102,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
|
|||
</div>);
|
||||
}
|
||||
|
||||
generateDirectivesSection() {
|
||||
generateRecommendationsSection() {
|
||||
return (<div id="recommendations-overview">
|
||||
<h2>Recommendations</h2>
|
||||
<p>
|
||||
|
@ -110,11 +110,11 @@ class ZeroTrustReportPageComponent extends AuthComponent {
|
|||
to understand how the monkey tested your adherence to that recommendation.
|
||||
</p>
|
||||
{
|
||||
Object.keys(this.state.directives).map((pillar) =>
|
||||
Object.keys(this.state.recommendations).map((pillar) =>
|
||||
<SinglePillarRecommendationsStatus
|
||||
key={pillar}
|
||||
pillar={pillar}
|
||||
recommendationsStatus={this.state.directives[pillar]}
|
||||
recommendationsStatus={this.state.recommendations[pillar]}
|
||||
pillarsToStatuses={this.state.pillars.pillarsToStatuses}/>
|
||||
)
|
||||
}
|
||||
|
@ -152,7 +152,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
|
|||
}
|
||||
|
||||
stillLoadingDataFromServer() {
|
||||
return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.directives === "undefined";
|
||||
return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.recommendations === "undefined";
|
||||
}
|
||||
|
||||
getZeroTrustReportFromServer() {
|
||||
|
@ -164,11 +164,11 @@ class ZeroTrustReportPageComponent extends AuthComponent {
|
|||
findings: res
|
||||
});
|
||||
});
|
||||
this.authFetch('/api/report/zero_trust/directives')
|
||||
this.authFetch('/api/report/zero_trust/recommendations')
|
||||
.then(res => res.json())
|
||||
.then(res => {
|
||||
this.setState({
|
||||
directives: res
|
||||
recommendations: res
|
||||
});
|
||||
});
|
||||
this.authFetch('/api/report/zero_trust/pillars')
|
||||
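Review bot: The renamed `authFetch('/api/report/zero_trust/recommendations')` chain in the last hunk has no rejection handler, so a network error or a non-JSON response leaves `this.state.recommendations` undefined, `stillLoadingDataFromServer()` stays true and the report never leaves its loading state, with an unhandled-rejection warning in the console; the sibling `findings` and `pillars` fetches look the same. Unless `authFetch` already handles rejections (not visible here), I'd end the chain with `.catch(err => console.error('Failed to load recommendations status', err));` at minimum, or record the failure in state so the page can show it. `getZeroTrustReportFromServer` starts and ends outside this hunk.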
|
|
|
@ -15,7 +15,7 @@ const columns = [
|
|||
},
|
||||
maxWidth: 80
|
||||
},
|
||||
{ Header: 'Recommendation', accessor: 'directive',
|
||||
{ Header: 'Recommendation', accessor: 'recommendation',
|
||||
style: {'whiteSpace': 'unset'} // This enables word wrap
|
||||
},
|
||||
{ Header: 'Tests', id: 'tests',
|
||||
|
@ -66,10 +66,10 @@ class TestsStatus extends AuthComponent {
|
|||
|
||||
export class RecommendationsStatusTable extends AuthComponent {
|
||||
render() {
|
||||
return <PaginatedTable data={this.props.directivesStatus} columns={columns} pageSize={5}/>;
|
||||
return <PaginatedTable data={this.props.recommendationsStatus} columns={columns} pageSize={5}/>;
|
||||
}
|
||||
}
|
||||
|
||||
export default RecommendationsStatusTable;
|
||||
|
||||
RecommendationsStatusTable.propTypes = {directivesStatus: PropTypes.array};
|
||||
RecommendationsStatusTable.propTypes = {recommendationsStatus: PropTypes.array};
|
||||
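Review bot: The renamed prop is declared as `recommendationsStatus: PropTypes.array`, which accepts any array and is optional, while `render()` passes it straight to `PaginatedTable` as `data`; `recommendationsStatus: PropTypes.arrayOf(PropTypes.object).isRequired` would flag a missing or mis-shaped prop at the call site that `SinglePillarRecommendationsStatus` renames in this same commit. The column entry `style: {'whiteSpace': 'unset'}` quotes an identifier key; `style: {whiteSpace: 'unset'}` is the conventional form. The file both `export`s the class and `export default`s it, so it can be imported two ways; one form is enough.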
|
|
|
@ -22,7 +22,7 @@ export default class SinglePillarRecommendationsStatus extends AuthComponent {
|
|||
</Panel.Heading>
|
||||
<Panel.Collapse>
|
||||
<Panel.Body>
|
||||
<RecommendationsStatusTable directivesStatus={this.props.recommendationsStatus}/>
|
||||
<RecommendationsStatusTable recommendationsStatus={this.props.recommendationsStatus}/>
|
||||
</Panel.Body>
|
||||
</Panel.Collapse>
|
||||
</Panel>
|
||||
|
|