Agent: Define MIMIKATZ_EVENT_TAGS as a frozenset

Shreya Malviya 2022-08-17 17:28:18 +05:30
parent f9f3daffa7
commit 3dca01d5d5
1 changed files with 8 additions and 6 deletions


@ -17,11 +17,13 @@ MIMIKATZ_CREDENTIAL_COLLECTOR_TAG = "mimikatz-credentials-collector"
T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003" T1003_ATTACK_TECHNIQUE_TAG = "attack-t1003"
T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005" T1005_ATTACK_TECHNIQUE_TAG = "attack-t1005"
MIMIKATZ_EVENT_TAGS = { MIMIKATZ_EVENT_TAGS = frozenset(
(
MIMIKATZ_CREDENTIAL_COLLECTOR_TAG, MIMIKATZ_CREDENTIAL_COLLECTOR_TAG,
T1003_ATTACK_TECHNIQUE_TAG, T1003_ATTACK_TECHNIQUE_TAG,
T1005_ATTACK_TECHNIQUE_TAG, T1005_ATTACK_TECHNIQUE_TAG,
} )
)
class MimikatzCredentialCollector(ICredentialCollector): class MimikatzCredentialCollector(ICredentialCollector):
@ -74,7 +76,7 @@ class MimikatzCredentialCollector(ICredentialCollector):
def _publish_credentials_stolen_event(self, collected_credentials: Sequence[Credentials]): def _publish_credentials_stolen_event(self, collected_credentials: Sequence[Credentials]):
credentials_stolen_event = CredentialsStolenEvent( credentials_stolen_event = CredentialsStolenEvent(
tags=frozenset(MIMIKATZ_EVENT_TAGS), tags=MIMIKATZ_EVENT_TAGS,
stolen_credentials=collected_credentials, stolen_credentials=collected_credentials,
) )
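Review bot: Nothing at the definition of `MIMIKATZ_EVENT_TAGS` says why it must stay a `frozenset`, yet the second hunk now passes that module-level object straight into `CredentialsStolenEvent(tags=...)` without the copy the old code made, so every published event shares it. A comment on the constant would protect that invariant, for example `# Immutable on purpose: this object is shared as the tags of every CredentialsStolenEvent.` The same comment could note that the two technique tags correspond to ATT&CK T1003 (OS Credential Dumping) and T1005 (Data from Local System), which helps anyone reading the resulting events. As a style point, `frozenset({...})` would avoid the nested-tuple parentheses in the first hunk. `_publish_credentials_stolen_event` may continue past the end of the hunk, so whatever consumes the event is not visible here.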