Island: change ransomware report table to return the amount of files encrypted and the number of total encryption attempts
parent
10a375ea66
commit
f8cbd4cb33
|
@ -8,19 +8,36 @@ from monkey_island.cc.services.reporting.report import ReportService
|
||||||
def get_encrypted_files_table():
|
def get_encrypted_files_table():
|
||||||
query = [
|
query = [
|
||||||
{"$match": {"telem_category": "file_encryption"}},
|
{"$match": {"telem_category": "file_encryption"}},
|
||||||
{"$unwind": "$data.files"},
|
{"$addFields": {"total_attempts": {"$size": "$data.files"}}},
|
||||||
|
{
|
||||||
|
"$addFields": {
|
||||||
|
"successful_encryptions": {
|
||||||
|
"$filter": {
|
||||||
|
"input": "$data.files",
|
||||||
|
"as": "files",
|
||||||
|
"cond": {"$eq": ["$$files.success", True]},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{"$addFields": {"successful_encryptions": {"$size": "$successful_encryptions"}}},
|
||||||
{
|
{
|
||||||
"$group": {
|
"$group": {
|
||||||
"_id": {"monkey_guid": "$monkey_guid", "files_encrypted": "$data.files.success"}
|
"_id": {
|
||||||
|
"monkey_guid": "$monkey_guid",
|
||||||
|
"successful_encryptions": "$successful_encryptions",
|
||||||
|
"total_attempts": "$total_attempts",
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{"$replaceRoot": {"newRoot": "$_id"}},
|
{"$replaceRoot": {"newRoot": "$_id"}},
|
||||||
{"$sort": {"files_encrypted": -1}},
|
{"$sort": {"successful_encryptions": -1}},
|
||||||
{
|
{
|
||||||
"$group": {
|
"$group": {
|
||||||
"_id": {"monkey_guid": "$monkey_guid"},
|
"_id": {"monkey_guid": "$monkey_guid"},
|
||||||
"monkey_guid": {"$first": "$monkey_guid"},
|
"monkey_guid": {"$first": "$monkey_guid"},
|
||||||
"files_encrypted": {"$first": "$files_encrypted"},
|
"total_attempts": {"$first": "$total_attempts"},
|
||||||
|
"successful_encryptions": {"$first": "$successful_encryptions"},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -34,7 +51,8 @@ def get_encrypted_files_table():
|
||||||
{
|
{
|
||||||
"$project": {
|
"$project": {
|
||||||
"monkey": {"$arrayElemAt": ["$monkey", 0]},
|
"monkey": {"$arrayElemAt": ["$monkey", 0]},
|
||||||
"files_encrypted": "$files_encrypted",
|
"total_attempts": "$total_attempts",
|
||||||
|
"successful_encryptions": "$successful_encryptions",
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
]
|
]
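Review bot: The two `$group` stages around `{"$sort": {"successful_encryptions": -1}}` keep only the telemetry document with the highest success count per `monkey_guid`, so if an agent can emit more than one `file_encryption` telemetry, the table under-reports both counts for that host. If per-host totals are intended, a single group using `"total_attempts": {"$sum": "$total_attempts"}` and `"successful_encryptions": {"$sum": "$successful_encryptions"}` would replace the group/replaceRoot/sort/group sequence. Separately, `{"$size": "$data.files"}` makes the whole aggregation fail when a matched document has no `data.files` array, so one malformed telemetry would break the report. `{"$size": {"$ifNull": ["$data.files", []]}}` avoids that, and the `$filter` input needs the same default. The pipeline continues outside these hunks, so the stages between and after them are not reviewed here.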
|
||||||
|
|
|
@ -46,8 +46,18 @@ def test_get_encrypted_files_table(fake_mongo, monkeypatch):
|
||||||
results = get_encrypted_files_table()
|
results = get_encrypted_files_table()
|
||||||
|
|
||||||
assert results == [
|
assert results == [
|
||||||
{"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": True},
|
{
|
||||||
{"hostname": "WinDev2010Eval", "exploits": ["SMB Exploiter"], "files_encrypted": True},
|
"hostname": "test-pc-2",
|
||||||
|
"exploits": ["Manual execution"],
|
||||||
|
"successful_encryptions": 3,
|
||||||
|
"total_attempts": 3,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"hostname": "WinDev2010Eval",
|
||||||
|
"exploits": ["SMB Exploiter"],
|
||||||
|
"successful_encryptions": 1,
|
||||||
|
"total_attempts": 1,
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -68,7 +78,12 @@ def test_get_encrypted_files_table__only_errors(fake_mongo, monkeypatch):
|
||||||
results = get_encrypted_files_table()
|
results = get_encrypted_files_table()
|
||||||
|
|
||||||
assert results == [
|
assert results == [
|
||||||
{"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": False}
|
{
|
||||||
|
"hostname": "test-pc-2",
|
||||||
|
"exploits": ["Manual execution"],
|
||||||
|
"successful_encryptions": 0,
|
||||||
|
"total_attempts": 1,
|
||||||
|
}
|
||||||
]
|
]
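Review bot: The expected results only cover hosts where every attempt succeeded (3 of 3, 1 of 1) or every attempt failed (0 of 1), so nothing pins the case the new `$filter` stage exists for: a telemetry whose `data.files` mixes successes and failures. A fixture document with, for example, two successful entries and one failed entry, asserted as `"successful_encryptions": 2, "total_attempts": 3`, would cover it. A second case with two `file_encryption` telemetries for the same `monkey_guid` would document whether counts are meant to be summed or taken from a single telemetry. The fixtures are defined outside the visible hunks, so this is judged from the assertions alone.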
|
||||||
|
|
||||||
|
|
||||||
|
|