diff --git a/.swm/JFXftJml8DpmuCPBA9rL.swm b/.swm/JFXftJml8DpmuCPBA9rL.swm index 7c186126e..3e348a3a6 100644 --- a/.swm/JFXftJml8DpmuCPBA9rL.swm +++ b/.swm/JFXftJml8DpmuCPBA9rL.swm @@ -1,30 +1,51 @@ { "id": "JFXftJml8DpmuCPBA9rL", "name": "Add details about your new PBA", - "dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIweW91ciUyMG5ldyUyMFBCQSdzJTIwZGV0YWlscyUyMHRvJTIwdGhlJTIwY29uZmlndXJhdGlvbi4=", - "description": "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", - "summary": "LSUyMFRoZSUyMFBCQSUyMGRldGFpbHMlMjBpbiUyMHRoaXMlMjBmaWxlJTIwYXJlJTIwcmVmbGVjdGVkJTIwb24lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMjBpbiUyMHRoZSUyMFBCQSUyMGNvbmZpZ3VyYXRpb24uJTBBLSUyMFBCQXMlMjBhcmUlMjBhbHNvJTIwbGlua2VkJTIwdG8lMjB0aGUlMjByZWxldmFudCUyME1JVFJFJTIwdGVjaG5pcXVlcyUyMGluJTIwdGhpcyUyMGZpbGUlMkMlMjB3aG9zZSUyMHJlc3VsdHMlMjBjYW4lMjB0aGVuJTIwYmUlMjBzZWVuJTIwaW4lMjB0aGUlMjBNSVRSRSUyMEFUVCUyNkNLJTIwcmVwb3J0JTIwb24lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQu", - "diff": "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", + "dod": "You should add your new PBA's details to the configuration.", + "description": "In order to make sure that the new `ScheduleJobs` PBA is shown in the configuration on the Monkey Island, you need to add its details to the configuration file(s).

\n\nSince this particular PBA is related to the MITRE techniques [T1168](https://attack.mitre.org/techniques/T1168) and [T1053](https://attack.mitre.org/techniques/T1053), make sure to link the PBA with these techniques in the configuration as well.

\n\nEach part of the configuration has an important role \n- *enum* — contains the relevant PBA's class name(s)\n- *title* — holds the name of the PBA which is displayed in the configuration on the Monkey Island\n- *info* — consists of an elaboration on the PBA's working which is displayed in the configuration on the Monkey Island\n- *attack_techniques* — has the IDs of the MITRE techniques associated with the PBA\n\n## Manual test \nOnce you think you're done...\n- Run the Monkey Island\n- You should be able to see your new PBA under the \"Monkey\" tab in the configuration, along with its information when you click on it\n- Further, when you enable/disable the associated MITRE techniques under the ATT&CK tab in the configuration, the PBA should also be enabled/disabled\n\n", + "summary": "- The PBA details in this file are reflected on the Monkey Island in the PBA configuration.\n- PBAs are also linked to the relevant MITRE techniques in this file, whose results can then be seen in the MITRE ATT&CK report on the Monkey Island.", + "diff": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..cce37b24 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n@@ -68,16 +68,7 @@\n \"Removes the file afterwards.\",\n \"attack_techniques\": [\"T1166\"]\n },\n- {\n+ # Swimmer: ADD DETAILS HERE!\n- \"type\": \"string\",\n- \"enum\": [\n- \"ScheduleJobs\"\n- ],\n- \"title\": \"Job scheduling\",\n- \"safe\": True,\n- \"info\": \"Attempts to create a scheduled job on the system and remove it.\",\n- \"attack_techniques\": [\"T1168\", \"T1053\"]\n- },\n {\n \"type\": \"string\",\n \"enum\": [\n", "tests": [], "hints": [ "Have a look at the details of the other techniques." 
], - "files": { + "app_version": "0.3.2", + "file_version": "1.0.4", + "swimmPatch": { "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": { - "index": [ - "f1fe0f6f..cce37b24", - "100644" - ], - "fileA": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", - "fileB": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", - "status": "MODIFIED", - "numLineDeletions": 9, - "numLineAdditions": 1, - "hunkContainers": [ - "JTdCJTIyaHVuayUyMiUzQSU3QiUyMmhlYWRlciUyMiUzQSUyMiU0MCU0MCUyMC02MiUyQzE1JTIwJTJCNjIlMkM3JTIwJTQwJTQwJTIwUE9TVF9CUkVBQ0hfQUNUSU9OUyUyMCUzRCUyMCU3QiUyMiUyQyUyMmNoYW5nZXMlMjIlM0ElNUIlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJSZW1vdmVzJTIwdGhlJTIwZmlsZSUyMGFmdGVyd2FyZHMuJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjIlMkMlMjJiJTIyJTNBNjIlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJhdHRhY2tfdGVjaG5pcXVlcyU1QyUyMiUzQSUyMCU1QiU1QyUyMlQxMTY2JTVDJTIyJTVEJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjMlMkMlMjJiJTIyJTNBNjMlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0QlMkMlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2NCUyQyUyMmIlMjIlM0E2NCU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0IlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E2NSU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJkZWwlMjIlMkMlMjJtYXJrJTIyJTNBJTIyLSUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlNUMlMjJ0eXBlJTVDJTIyJTNBJTIwJTVDJTIyc3RyaW5nJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNjYlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYX
RhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVDJTIyZW51bSU1QyUyMiUzQSUyMCU1QiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY3JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMlNjaGVkdWxlSm9icyU1QyUyMiUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY4JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1RCUyQyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTY5JTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMnRpdGxlJTVDJTIyJTNBJTIwJTVDJTIySm9iJTIwc2NoZWR1bGluZyU1QyUyMiUyQyUyMiUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQTcwJTdEJTdEJTJDJTdCJTIydHlwZSUyMiUzQSUyMmRlbCUyMiUyQyUyMm1hcmslMjIlM0ElMjItJTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMmluZm8lNUMlMjIlM0ElMjAlNUMlMjJBdHRlbXB0cyUyMHRvJTIwY3JlYXRlJTIwYSUyMHNjaGVkdWxlZCUyMGpvYiUyMG9uJTIwdGhlJTIwc3lzdGVtJTIwYW5kJTIwcmVtb3ZlJTIwaXQuJTVDJTIyJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzElN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTVDJTIyYXR0YWNrX3RlY2huaXF1ZXMlNUMlMjIlM0ElMjAlNUIlNUMlMjJUMTE2OCU1QyUyMiUyQyUyMCU1QyUyMlQxMDUzJTVDJTIyJTVEJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzIlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyZGVsJTIyJTJDJTIybWFyayUyMiUzQSUyMi0lMjIlMkMlMjJkYXRhJTIyJTNBJTIyJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTdEJTJDJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJhJTIyJTNBNzMlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyYWRkJTIyJTJDJTIybWFyayUyMiUzQSUyMiUyQiUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjBTd2ltbWVyJTNBJTIwQUREJTIwREVUQUlMUyUyMEhFUkUhJTIyJTJDJTIybGluZU51bWJlcnMlMjIlM0ElN0IlMjJiJT
IyJTNBNjUlN0QlN0QlMkMlN0IlMjJ0eXBlJTIyJTNBJTIyY29udGV4dCUyMiUyQyUyMmRhdGElMjIlM0ElMjIlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlN0IlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NCUyQyUyMmIlMjIlM0E2NiU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMnR5cGUlNUMlMjIlM0ElMjAlNUMlMjJzdHJpbmclNUMlMjIlMkMlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NSUyQyUyMmIlMjIlM0E2NyU3RCU3RCUyQyU3QiUyMnR5cGUlMjIlM0ElMjJjb250ZXh0JTIyJTJDJTIyZGF0YSUyMiUzQSUyMiUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCU1QyUyMmVudW0lNUMlMjIlM0ElMjAlNUIlMjIlMkMlMjJsaW5lTnVtYmVycyUyMiUzQSU3QiUyMmElMjIlM0E3NiUyQyUyMmIlMjIlM0E2OCU3RCU3RCU1RCUyQyUyMmxpbmVOdW1iZXJzJTIyJTNBJTdCJTIyYSUyMiUzQSU3QiUyMnN0YXJ0TGluZSUyMiUzQTYyJTJDJTIybGluZXNDb3VudCUyMiUzQTE1JTdEJTJDJTIyYiUyMiUzQSU3QiUyMnN0YXJ0TGluZSUyMiUzQTYyJTJDJTIybGluZXNDb3VudCUyMiUzQTclN0QlN0QlN0QlN0Q=" + "diffType": "MODIFIED", + "fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f1fe0f6f..cce37b24 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", + "hunks": [ + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -68,16 +68,7 @@", + " \"Removes the file afterwards.\",", + " \"attack_techniques\": [\"T1166\"]", + " },", + "- {", + "+ # Swimmer: ADD DETAILS HERE!", + "- \"type\": \"string\",", + "- \"enum\": [", + "- \"ScheduleJobs\"", + "- ],", + "- \"title\": \"Job scheduling\",", + "- \"safe\": True,", + "- \"info\": \"Attempts to create a scheduled job on the system and remove it.\",", + "- \"attack_techniques\": [\"T1168\", \"T1053\"]", + "- },", + " {", + " \"type\": \"string\",", + " \"enum\": [" + ] + } ] } }, - "app_version": "0.1.90", - 
"file_version": "1.0.2" + "hunksOrder": [ + "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0" + ], + "last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e" } \ No newline at end of file diff --git a/.swm/tbxb2cGgUiJQ8Btma0fp.swm b/.swm/tbxb2cGgUiJQ8Btma0fp.swm index e3be3fb14..e62725beb 100644 --- a/.swm/tbxb2cGgUiJQ8Btma0fp.swm +++ b/.swm/tbxb2cGgUiJQ8Btma0fp.swm 
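Review bot: The plain-text `description` lists only *enum*, *title*, *info* and *attack_techniques* as the parts of a PBA entry, but the solution lines stored in `hunkDiffLines` also carry `"type": "string"` and `"safe": True`, so a learner following the text gets no guidance on the `safe` flag. I would add a bullet such as `- *safe* — states whether the PBA is treated as safe to run; follow the convention of the neighbouring entries`, after confirming the flag's exact meaning against the schema, which is not visible in this hunk. Separately, the linked T1168 page appears to have been retired by MITRE in favour of T1053 sub-techniques, so it is worth checking that the link and the `attack_techniques` mapping still point at a live technique.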
@@ -1,75 +1,140 @@ { "id": "tbxb2cGgUiJQ8Btma0fp", "name": "Add a simple Post Breach action", - "dod": "WW91JTIwc2hvdWxkJTIwYWRkJTIwYSUyMG5ldyUyMFBCQSUyMHRvJTIwdGhlJTIwTW9ua2V5JTIwd2hpY2glMjBjcmVhdGVzJTIwYSUyMG5ldyUyMHVzZXIlMjBvbiUyMHRoZSUyMG1hY2hpbmUu", - "description": "UmVhZCUyMCU1Qm91ciUyMGRvY3VtZW50YXRpb24lMjBhYm91dCUyMGFkZGluZyUyMGElMjBuZXclMjBQQkElNUQoaHR0cHMlM0ElMkYlMkZ3d3cuZ3VhcmRpY29yZS5jb20lMkZpbmZlY3Rpb25tb25rZXklMkZkb2NzJTJGZGV2ZWxvcG1lbnQlMkZhZGRpbmctcG9zdC1icmVhY2gtYWN0aW9ucyUyRikuJTBBJTBBQWZ0ZXIlMjB0aGF0JTIwd2UlMjB3YW50JTIweW91JTIwdG8lMjBhZGQlMjB0aGUlMjBCYWNrZG9vclVzZXIlMjBQQkEuJTIwVGhlJTIwY29tbWFuZHMlMjB0aGF0JTIwYWRkJTIwdXNlcnMlMjBmb3IlMjBXaW4lMjBhbmQlMjBMaW51eCUyMGNhbiUyMGJlJTIwcmV0cmlldmVkJTIwZnJvbSUyMCU2MGdldF9jb21tYW5kc190b19hZGRfdXNlciU2MCUyMC0lMjBtYWtlJTIwc3VyZSUyMHlvdSUyMHNlZSUyMGhvdyUyMHRvJTIwdXNlJTIwdGhpcyUyMGZ1bmN0aW9uJTIwY29ycmVjdGx5LiUyMCUwQSUwQU5vdGUlMjB0aGF0JTIwdGhlJTIwUEJBJTIwc2hvdWxkJTIwaW1wYWN0JTIwdGhlJTIwVDExMzYlMjBNSVRSRSUyMHRlY2huaXF1ZSUyMGFzJTIwd2VsbCElMjAlMEElMEElMjMlMjBNYW51YWwlMjB0ZXN0JTIwdG8lMjBjb25maXJtJTBBJTBBMS4lMjBSdW4lMjB0aGUlMjBNb25rZXklMjBJc2xhbmQlMEEyLiUyME1ha2UlMjBzdXJlJTIweW91ciUyMG5ldyUyMFBCQSUyMGlzJTIwZW5hYmxlZCUyMGJ5JTIwZGVmYXVsdCUyMGluJTIwdGhlJTIwY29uZmlnJTIwLSUyMGZvciUyMHRoaXMlMjB0ZXN0JTJDJTIwZGlzYWJsZSUyMG5ldHdvcmslMjBzY2FubmluZyUyQyUyMGV4cGxvaXRpbmclMkMlMjBhbmQlMjBhbGwlMjBvdGhlciUyMFBCQXMlMEEzLiUyMFJ1biUyME1vbmtleSUwQTQuJTIwU2VlJTIwdGhlJTIwUEJBJTIwaW4lMjB0aGUlMjBzZWN1cml0eSUyMHJlcG9ydCUwQTUlMkMlMjBTZWUlMjB0aGUlMjBQQkElMjBpbiUyMHRoZSUyME1JVFJFJTIwcmVwb3J0JTIwaW4lMjB0aGUlMjByZWxldmFudCUyMHRlY2huaXF1ZSUwQQ==", - "summary": "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", - "diff": "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", + "dod": "You should add a new PBA to the Monkey which creates a new user on the machine.", + "description": "Read [our documentation about adding a new PBA](https://www.guardicore.com/infectionmonkey/docs/development/adding-post-breach-actions/).\n\nAfter that we want 
you to add the BackdoorUser PBA. The commands that add users for Win and Linux can be retrieved from `get_commands_to_add_user` - make sure you see how to use this function correctly. \n\nNote that the PBA should impact the T1136 MITRE technique as well! \n\n# Manual test to confirm\n\n1. Run the Monkey Island\n2. Make sure your new PBA is enabled by default in the config - for this test, disable network scanning, exploiting, and all other PBAs\n3. Run Monkey\n4. See the PBA in the security report\n5, See the PBA in the MITRE report in the relevant technique\n", + "summary": "Take a look at the configuration of the island again - see the \"command to run after breach\" option we offer the user? It's implemented exactly like you did right now but each user can do it for themselves. \n\nHowever, what if the PBA needs to do stuff which is more complex than just running a few commands? In that case... ", + "diff": "diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py\nindex c3bba995..031f9ad0 100644\n--- a/monkey/common/data/post_breach_consts.py\n+++ b/monkey/common/data/post_breach_consts.py\n@@ -1,5 +1,5 @@\n POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"\n-POST_BREACH_BACKDOOR_USER = \"Backdoor user\"\n+# Swimmer: PUT THE NEW CONST HERE!\n POST_BREACH_FILE_EXECUTION = \"File execution\"\n POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"\n POST_BREACH_HIDDEN_FILES = \"Hide files and directories\"\ndiff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py\nindex 58be89a1..d8476a97 100644\n--- a/monkey/infection_monkey/post_breach/actions/add_user.py\n+++ b/monkey/infection_monkey/post_breach/actions/add_user.py\n@@ -1,15 +1,7 @@\n-from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER\n-from infection_monkey.config import WormConfiguration\n from infection_monkey.post_breach.pba import PBA\n from 
infection_monkey.utils.users import get_commands_to_add_user\n \n \n class BackdoorUser(PBA):\n def __init__(self):\n- linux_cmds, windows_cmds = get_commands_to_add_user(\n+ pass # Swimmer: Impl here!\n- WormConfiguration.user_to_add,\n- WormConfiguration.remote_user_pass)\n- super(BackdoorUser, self).__init__(\n- POST_BREACH_BACKDOOR_USER,\n- linux_cmd=' '.join(linux_cmds),\n- windows_cmd=windows_cmds)\ndiff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\nindex 086a1c13..da99e86c 100644\n--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n@@ -1,5 +1,5 @@\n from common.data.post_breach_consts import (\n- POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)\n+ POST_BREACH_COMMUNICATE_AS_NEW_USER)\n from monkey_island.cc.services.attack.technique_reports.pba_technique import \\\n PostBreachTechnique\n \n@@ -11,4 +11,4 @@\n unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"\n scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"\n used_msg = \"Monkey created a new user on the network's systems.\"\n- pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]\n+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]\ndiff --git a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f3e2a9bf..2c4aa664 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n@@ -4,16 +4,7 @@\n \"might do after breaching a new machine. 
Used in ATT&CK and Zero trust reports.\",\n \"type\": \"string\",\n \"anyOf\": [\n- {\n+ # Swimmer: Add new PBA here to config!\n- \"type\": \"string\",\n- \"enum\": [\n- \"BackdoorUser\"\n- ],\n- \"title\": \"Back door user\",\n- \"safe\": True,\n- \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",\n- \"attack_techniques\": [\"T1136\"]\n- },\n {\n \"type\": \"string\",\n \"enum\": [\n", "tests": [], "hints": [ "See `ScheduleJobs` PBA for an example of a PBA which only uses shell commands.", "Make sure to add the PBA to the configuration as well.", "MITRE ATT&CK technique T1136 articulates that adversaries may create an account to maintain access to victim systems, therefore, the BackdoorUser PBA is relevant to it. Make sure to map this PBA to the MITRE ATT&CK configuration and report." ], - "files": { + "app_version": "0.3.2", + "file_version": "1.0.4", + "swimmPatch": { "monkey/common/data/post_breach_consts.py": { - "index": [ - "c3bba995..031f9ad0", - "100644" - ], - "fileA": "monkey/common/data/post_breach_consts.py", - "fileB": "monkey/common/data/post_breach_consts.py", - "status": "MODIFIED", - "numLineDeletions": 1, - "numLineAdditions": 1, - "hunkContainers": [ - "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" + "diffType": "MODIFIED", + "fileDiffHeader": "diff --git a/monkey/common/data/post_breach_consts.py b/monkey/common/data/post_breach_consts.py\nindex c3bba995..031f9ad0 100644\n--- a/monkey/common/data/post_breach_consts.py\n+++ b/monkey/common/data/post_breach_consts.py", + "hunks": [ + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -1,5 +1,5 @@", + " POST_BREACH_COMMUNICATE_AS_NEW_USER = \"Communicate as new user\"", + "-POST_BREACH_BACKDOOR_USER = \"Backdoor user\"", + "+# Swimmer: PUT THE NEW CONST HERE!", + " POST_BREACH_FILE_EXECUTION = \"File execution\"", + " POST_BREACH_SHELL_STARTUP_FILE_MODIFICATION = \"Modify shell startup file\"", + " POST_BREACH_HIDDEN_FILES = 
\"Hide files and directories\"" + ] + } ] }, "monkey/infection_monkey/post_breach/actions/add_user.py": { - "index": [ - "58be89a1..d8476a97", - "100644" - ], - "fileA": "monkey/infection_monkey/post_breach/actions/add_user.py", - "fileB": "monkey/infection_monkey/post_breach/actions/add_user.py", - "status": "MODIFIED", - "numLineDeletions": 9, - "numLineAdditions": 1, - "hunkContainers": [ - "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" + "diffType": "MODIFIED", + "fileDiffHeader": "diff --git a/monkey/infection_monkey/post_breach/actions/add_user.py b/monkey/infection_monkey/post_breach/actions/add_user.py\nindex 58be89a1..d8476a97 100644\n--- a/monkey/infection_monkey/post_breach/actions/add_user.py\n+++ b/monkey/infection_monkey/post_breach/actions/add_user.py", + "hunks": [ + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -1,15 +1,7 @@", + "-from common.data.post_breach_consts import POST_BREACH_BACKDOOR_USER", + "-from infection_monkey.config import WormConfiguration", + " from infection_monkey.post_breach.pba import PBA", + " from infection_monkey.utils.users import get_commands_to_add_user", + " ", + " ", + " class BackdoorUser(PBA):", + " def __init__(self):", + "- linux_cmds, windows_cmds = get_commands_to_add_user(", + "+ pass # Swimmer: Impl here!", + "- WormConfiguration.user_to_add,", + "- WormConfiguration.remote_user_pass)", + "- super(BackdoorUser, self).__init__(", + "- POST_BREACH_BACKDOOR_USER,", + "- linux_cmd=' '.join(linux_cmds),", + "- windows_cmd=windows_cmds)" + ] + } ] }, "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py": { - "index": [ - "086a1c13..da99e86c", - "100644" - ], - "fileA": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py", - "fileB": "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py", - "status": "MODIFIED", - "numLineDeletions": 2, - "numLineAdditions": 2, - "hunkContainers": [ - 
"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", - "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" + "diffType": "MODIFIED", + "fileDiffHeader": "diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\nindex 086a1c13..da99e86c 100644\n--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py\n+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py", + "hunks": [ + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -1,5 +1,5 @@", + " from common.data.post_breach_consts import (", + "- POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER)", + "+ POST_BREACH_COMMUNICATE_AS_NEW_USER)", + " from monkey_island.cc.services.attack.technique_reports.pba_technique import \\", + " PostBreachTechnique", + " " + ] + }, + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -11,4 +11,4 @@", + " unscanned_msg = \"Monkey didn't try creating a new user on the network's systems.\"", + " scanned_msg = \"Monkey tried creating a new user on the network's systems, but failed.\"", + " used_msg = \"Monkey created a new user on the network's systems.\"", + "- pba_names = [POST_BREACH_BACKDOOR_USER, POST_BREACH_COMMUNICATE_AS_NEW_USER]", + "+ pba_names = [POST_BREACH_COMMUNICATE_AS_NEW_USER]" + ] + } ] }, "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py": { - "index": [ - "f3e2a9bf..2c4aa664", - "100644" - ], - "fileA": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", - "fileB": "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", - "status": "MODIFIED", - "numLineDeletions": 9, - "numLineAdditions": 1, - "hunkContainers": [ - "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" + "diffType": "MODIFIED", + "fileDiffHeader": "diff --git 
a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\nindex f3e2a9bf..2c4aa664 100644\n--- a/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py\n+++ b/monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py", + "hunks": [ + { + "swimmHunkMetadata": { + "hunkComments": [] + }, + "hunkDiffLines": [ + "@@ -4,16 +4,7 @@", + " \"might do after breaching a new machine. Used in ATT&CK and Zero trust reports.\",", + " \"type\": \"string\",", + " \"anyOf\": [", + "- {", + "+ # Swimmer: Add new PBA here to config!", + "- \"type\": \"string\",", + "- \"enum\": [", + "- \"BackdoorUser\"", + "- ],", + "- \"title\": \"Back door user\",", + "- \"safe\": True,", + "- \"info\": \"Attempts to create a new user on the system and delete it afterwards.\",", + "- \"attack_techniques\": [\"T1136\"]", + "- },", + " {", + " \"type\": \"string\",", + " \"enum\": [" + ] + } ] } }, - "app_version": "0.1.90", - "file_version": "1.0.2" + "hunksOrder": [ + "monkey/common/data/post_breach_consts.py_0", + "monkey/infection_monkey/post_breach/actions/add_user.py_0", + "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_0", + "monkey/monkey_island/cc/services/attack/technique_reports/T1136.py_1", + "monkey/monkey_island/cc/services/config_schema/definitions/post_breach_actions.py_0" + ], + "last_commit_sha_for_swimm_patch": "9d9e8168fb2c23367b9947273aa1a041687b3e2e" } \ No newline at end of file
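Review bot: The manual test in the decoded `description` never checks that the account is removed again, although the schema `info` string in this unit says the PBA "Attempts to create a new user on the system and delete it afterwards". The solution lines shown for `BackdoorUser.__init__` only pass on the commands returned by `get_commands_to_add_user`, so whether cleanup happens cannot be confirmed from this hunk. I would append a step such as `6. Confirm the user named in the configuration no longer exists on the test machine`, so that a leftover account with a configured password is caught during the exercise. The same list has a typo in step five: `5, See the PBA in the MITRE report` should read `5. See the PBA in the MITRE report`.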