forked from p15670423/monkey
Change logic for checking technique status
This commit is contained in:
Shreya
parent
76aae1faec
commit
98ef46b4ec
|
|
@ -19,10 +19,15 @@ class T1003(AttackTechnique):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1003.technique_title()}
|
data = {'title': T1003.technique_title()}
|
||||||
if mongo.db.telemetry.count_documents(T1003.query):
|
|
||||||
status = ScanStatus.USED.value
|
if not T1003.is_enabled_in_config():
|
||||||
|
status = ScanStatus.DISABLED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
if mongo.db.telemetry.count_documents(T1003.query):
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1003.get_message_and_status(status))
|
data.update(T1003.get_message_and_status(status))
|
||||||
data.update(T1003.get_mitigation_by_status(status))
|
data.update(T1003.get_mitigation_by_status(status))
|
||||||
data['stolen_creds'] = ReportService.get_stolen_creds()
|
data['stolen_creds'] = ReportService.get_stolen_creds()
|
||||||
|
|
|
||||||
|
|
@ -27,8 +27,14 @@ class T1016(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
network_info = list(mongo.db.telemetry.aggregate(T1016.query))
|
network_info = []
|
||||||
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
|
|
||||||
|
if not T1016.is_enabled_in_config():
|
||||||
|
status = ScanStatus.DISABLED.value
|
||||||
|
else:
|
||||||
|
network_info = list(mongo.db.telemetry.aggregate(T1016.query))
|
||||||
|
status = ScanStatus.USED.value if network_info else ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1016.get_base_data_by_status(status)
|
data = T1016.get_base_data_by_status(status)
|
||||||
data.update({'network_info': network_info})
|
data.update({'network_info': network_info})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -28,11 +28,17 @@ class T1018(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
scan_info = list(mongo.db.telemetry.aggregate(T1018.query))
|
scan_info = []
|
||||||
if scan_info:
|
|
||||||
status = ScanStatus.USED.value
|
if not T1018.is_enabled_in_config():
|
||||||
|
status = ScanStatus.DISABLED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
scan_info = list(mongo.db.telemetry.aggregate(T1018.query))
|
||||||
|
if scan_info:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1018.get_base_data_by_status(status)
|
data = T1018.get_base_data_by_status(status)
|
||||||
data.update({'scan_info': scan_info})
|
data.update({'scan_info': scan_info})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -34,18 +34,23 @@ class T1021(AttackTechnique):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
attempts = []
|
attempts = []
|
||||||
if mongo.db.telemetry.count_documents(T1021.scanned_query):
|
|
||||||
attempts = list(mongo.db.telemetry.aggregate(T1021.query))
|
if not T1021.is_enabled_in_config():
|
||||||
if attempts:
|
status = ScanStatus.DISABLED.value
|
||||||
status = ScanStatus.USED.value
|
|
||||||
for result in attempts:
|
|
||||||
result['successful_creds'] = []
|
|
||||||
for attempt in result['attempts']:
|
|
||||||
result['successful_creds'].append(parse_creds(attempt))
|
|
||||||
else:
|
|
||||||
status = ScanStatus.SCANNED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
if mongo.db.telemetry.count_documents(T1021.scanned_query):
|
||||||
|
attempts = list(mongo.db.telemetry.aggregate(T1021.query))
|
||||||
|
if attempts:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
for result in attempts:
|
||||||
|
result['successful_creds'] = []
|
||||||
|
for attempt in result['attempts']:
|
||||||
|
result['successful_creds'].append(parse_creds(attempt))
|
||||||
|
else:
|
||||||
|
status = ScanStatus.SCANNED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1021.get_base_data_by_status(status)
|
data = T1021.get_base_data_by_status(status)
|
||||||
data.update({'services': attempts})
|
data.update({'services': attempts})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -13,14 +13,20 @@ class T1041(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
monkeys = list(Monkey.objects())
|
info = []
|
||||||
info = [{'src': monkey['command_control_channel']['src'],
|
|
||||||
'dst': monkey['command_control_channel']['dst']}
|
if not T1041.is_enabled_in_config():
|
||||||
for monkey in monkeys if monkey['command_control_channel']]
|
status = ScanStatus.DISABLED.value
|
||||||
if info:
|
|
||||||
status = ScanStatus.USED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
monkeys = list(Monkey.objects())
|
||||||
|
info = [{'src': monkey['command_control_channel']['src'],
|
||||||
|
'dst': monkey['command_control_channel']['dst']}
|
||||||
|
for monkey in monkeys if monkey['command_control_channel']]
|
||||||
|
if info:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1041.get_base_data_by_status(status)
|
data = T1041.get_base_data_by_status(status)
|
||||||
data.update({'command_control_channel': info})
|
data.update({'command_control_channel': info})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -23,12 +23,16 @@ class T1059(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
|
if not T1059.is_enabled_in_config():
|
||||||
data = {'title': T1059.technique_title(), 'cmds': cmd_data}
|
status = ScanStatus.DISABLED.value
|
||||||
if cmd_data:
|
|
||||||
status = ScanStatus.USED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
cmd_data = list(mongo.db.telemetry.aggregate(T1059.query))
|
||||||
|
data = {'title': T1059.technique_title(), 'cmds': cmd_data}
|
||||||
|
if cmd_data:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1059.get_message_and_status(status))
|
data.update(T1059.get_message_and_status(status))
|
||||||
data.update(T1059.get_mitigation_by_status(status))
|
data.update(T1059.get_mitigation_by_status(status))
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -31,14 +31,19 @@ class T1075(AttackTechnique):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1075.technique_title()}
|
data = {'title': T1075.technique_title()}
|
||||||
successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
|
|
||||||
data.update({'successful_logins': successful_logins})
|
if not T1075.is_enabled_in_config():
|
||||||
if successful_logins:
|
status = ScanStatus.DISABLED.value
|
||||||
status = ScanStatus.USED.value
|
|
||||||
elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
|
|
||||||
status = ScanStatus.SCANNED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
successful_logins = list(mongo.db.telemetry.aggregate(T1075.query))
|
||||||
|
data.update({'successful_logins': successful_logins})
|
||||||
|
if successful_logins:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
elif mongo.db.telemetry.count_documents(T1075.login_attempt_query):
|
||||||
|
status = ScanStatus.SCANNED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1075.get_message_and_status(status))
|
data.update(T1075.get_message_and_status(status))
|
||||||
data.update(T1075.get_mitigation_by_status(status))
|
data.update(T1075.get_mitigation_by_status(status))
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -39,12 +39,17 @@ class T1082(AttackTechnique):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
data = {'title': T1082.technique_title()}
|
data = {'title': T1082.technique_title()}
|
||||||
system_info = list(mongo.db.telemetry.aggregate(T1082.query))
|
|
||||||
data.update({'system_info': system_info})
|
if not T1082.is_enabled_in_config():
|
||||||
if system_info:
|
status = ScanStatus.DISABLED.value
|
||||||
status = ScanStatus.USED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
system_info = list(mongo.db.telemetry.aggregate(T1082.query))
|
||||||
|
data.update({'system_info': system_info})
|
||||||
|
if system_info:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1082.get_mitigation_by_status(status))
|
data.update(T1082.get_mitigation_by_status(status))
|
||||||
data.update(T1082.get_message_and_status(status))
|
data.update(T1082.get_message_and_status(status))
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -25,12 +25,15 @@ class T1086(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
|
if not T1086.is_enabled_in_config():
|
||||||
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
|
status = ScanStatus.DISABLED.value
|
||||||
if cmd_data:
|
|
||||||
status = ScanStatus.USED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
|
||||||
|
data = {'title': T1086.technique_title(), 'cmds': cmd_data}
|
||||||
|
if cmd_data:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1086.get_mitigation_by_status(status))
|
data.update(T1086.get_mitigation_by_status(status))
|
||||||
data.update(T1086.get_message_and_status(status))
|
data.update(T1086.get_message_and_status(status))
|
||||||
|
|
|
||||||
|
|
@ -13,9 +13,15 @@ class T1090(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
monkeys = Monkey.get_tunneled_monkeys()
|
monkeys = []
|
||||||
monkeys = [monkey.get_network_info() for monkey in monkeys]
|
|
||||||
status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
|
if not T1090.is_enabled_in_config():
|
||||||
|
status = ScanStatus.DISABLED.value
|
||||||
|
else:
|
||||||
|
monkeys = Monkey.get_tunneled_monkeys()
|
||||||
|
monkeys = [monkey.get_network_info() for monkey in monkeys]
|
||||||
|
status = ScanStatus.USED.value if monkeys else ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1090.get_base_data_by_status(status)
|
data = T1090.get_base_data_by_status(status)
|
||||||
data.update({'proxies': monkeys})
|
data.update({'proxies': monkeys})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -26,21 +26,27 @@ class T1110(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
attempts = list(mongo.db.telemetry.aggregate(T1110.query))
|
attempts = []
|
||||||
succeeded = False
|
|
||||||
|
|
||||||
for result in attempts:
|
if not T1110.is_enabled_in_config():
|
||||||
result['successful_creds'] = []
|
status = ScanStatus.DISABLED.value
|
||||||
for attempt in result['attempts']:
|
|
||||||
succeeded = True
|
|
||||||
result['successful_creds'].append(parse_creds(attempt))
|
|
||||||
|
|
||||||
if succeeded:
|
|
||||||
status = ScanStatus.USED.value
|
|
||||||
elif attempts:
|
|
||||||
status = ScanStatus.SCANNED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
attempts = list(mongo.db.telemetry.aggregate(T1110.query))
|
||||||
|
succeeded = False
|
||||||
|
|
||||||
|
for result in attempts:
|
||||||
|
result['successful_creds'] = []
|
||||||
|
for attempt in result['attempts']:
|
||||||
|
succeeded = True
|
||||||
|
result['successful_creds'].append(parse_creds(attempt))
|
||||||
|
|
||||||
|
if succeeded:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
elif attempts:
|
||||||
|
status = ScanStatus.SCANNED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1110.get_base_data_by_status(status)
|
data = T1110.get_base_data_by_status(status)
|
||||||
# Remove data with no successful brute force attempts
|
# Remove data with no successful brute force attempts
|
||||||
attempts = [attempt for attempt in attempts if attempt['attempts']]
|
attempts = [attempt for attempt in attempts if attempt['attempts']]
|
||||||
|
|
|
||||||
|
|
@ -20,12 +20,17 @@ class T1145(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
|
ssh_info = []
|
||||||
|
|
||||||
if ssh_info:
|
if not T1145.is_enabled_in_config():
|
||||||
status = ScanStatus.USED.value
|
status = ScanStatus.DISABLED.value
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
ssh_info = list(mongo.db.telemetry.aggregate(T1145.query))
|
||||||
|
if ssh_info:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1145.get_base_data_by_status(status)
|
data = T1145.get_base_data_by_status(status)
|
||||||
data.update({'ssh_info': ssh_info})
|
data.update({'ssh_info': ssh_info})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -13,19 +13,25 @@ class T1188(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
monkeys = Monkey.get_tunneled_monkeys()
|
|
||||||
hops = []
|
hops = []
|
||||||
for monkey in monkeys:
|
|
||||||
proxy_count = 0
|
if not T1188.is_enabled_in_config():
|
||||||
proxy = initial = monkey
|
status = ScanStatus.DISABLED.value
|
||||||
while proxy.tunnel:
|
else:
|
||||||
proxy_count += 1
|
monkeys = Monkey.get_tunneled_monkeys()
|
||||||
proxy = proxy.tunnel
|
hops = []
|
||||||
if proxy_count > 1:
|
for monkey in monkeys:
|
||||||
hops.append({'from': initial.get_network_info(),
|
proxy_count = 0
|
||||||
'to': proxy.get_network_info(),
|
proxy = initial = monkey
|
||||||
'count': proxy_count})
|
while proxy.tunnel:
|
||||||
status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
|
proxy_count += 1
|
||||||
|
proxy = proxy.tunnel
|
||||||
|
if proxy_count > 1:
|
||||||
|
hops.append({'from': initial.get_network_info(),
|
||||||
|
'to': proxy.get_network_info(),
|
||||||
|
'count': proxy_count})
|
||||||
|
status = ScanStatus.USED.value if hops else ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data = T1188.get_base_data_by_status(status)
|
data = T1188.get_base_data_by_status(status)
|
||||||
data.update({'hops': hops})
|
data.update({'hops': hops})
|
||||||
return data
|
return data
|
||||||
|
|
|
||||||
|
|
@ -13,15 +13,22 @@ class T1210(AttackTechnique):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_report_data():
|
def get_report_data():
|
||||||
|
scanned_services = []
|
||||||
|
exploited_services = []
|
||||||
data = {'title': T1210.technique_title()}
|
data = {'title': T1210.technique_title()}
|
||||||
scanned_services = T1210.get_scanned_services()
|
|
||||||
exploited_services = T1210.get_exploited_services()
|
if not T1210.is_enabled_in_config():
|
||||||
if exploited_services:
|
status = ScanStatus.DISABLED.value
|
||||||
status = ScanStatus.USED.value
|
|
||||||
elif scanned_services:
|
|
||||||
status = ScanStatus.SCANNED.value
|
|
||||||
else:
|
else:
|
||||||
status = ScanStatus.UNSCANNED.value
|
scanned_services = T1210.get_scanned_services()
|
||||||
|
exploited_services = T1210.get_exploited_services()
|
||||||
|
if exploited_services:
|
||||||
|
status = ScanStatus.USED.value
|
||||||
|
elif scanned_services:
|
||||||
|
status = ScanStatus.SCANNED.value
|
||||||
|
else:
|
||||||
|
status = ScanStatus.UNSCANNED.value
|
||||||
|
|
||||||
data.update(T1210.get_message_and_status(status))
|
data.update(T1210.get_message_and_status(status))
|
||||||
data.update(T1210.get_mitigation_by_status(status))
|
data.update(T1210.get_mitigation_by_status(status))
|
||||||
data.update({'scanned_services': scanned_services, 'exploited_services': exploited_services})
|
data.update({'scanned_services': scanned_services, 'exploited_services': exploited_services})
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
Gets the status of a certain attack technique.
|
Gets the status of a certain attack technique.
|
||||||
:return: ScanStatus numeric value
|
:return: ScanStatus numeric value
|
||||||
"""
|
"""
|
||||||
if cls._is_disabled_in_config():
|
if not cls.is_enabled_in_config():
|
||||||
return ScanStatus.DISABLED.value
|
return ScanStatus.DISABLED.value
|
||||||
elif mongo.db.telemetry.find_one({'telem_category': 'attack',
|
elif mongo.db.telemetry.find_one({'telem_category': 'attack',
|
||||||
'data.status': ScanStatus.USED.value,
|
'data.status': ScanStatus.USED.value,
|
||||||
|
|
@ -83,7 +83,6 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
:param status: Enum from common/attack_utils.py integer value
|
:param status: Enum from common/attack_utils.py integer value
|
||||||
:return: Dict with message and status
|
:return: Dict with message and status
|
||||||
"""
|
"""
|
||||||
status = cls._check_status(status)
|
|
||||||
return {'message': cls.get_message_by_status(status), 'status': status}
|
return {'message': cls.get_message_by_status(status), 'status': status}
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|
@ -93,7 +92,6 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
:param status: Enum from common/attack_utils.py integer value
|
:param status: Enum from common/attack_utils.py integer value
|
||||||
:return: message string
|
:return: message string
|
||||||
"""
|
"""
|
||||||
status = cls._check_status(status)
|
|
||||||
if status == ScanStatus.DISABLED.value:
|
if status == ScanStatus.DISABLED.value:
|
||||||
return disabled_msg
|
return disabled_msg
|
||||||
if status == ScanStatus.UNSCANNED.value:
|
if status == ScanStatus.UNSCANNED.value:
|
||||||
|
|
@ -127,7 +125,6 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_base_data_by_status(cls, status):
|
def get_base_data_by_status(cls, status):
|
||||||
status = cls._check_status(status)
|
|
||||||
data = cls.get_message_and_status(status)
|
data = cls.get_message_and_status(status)
|
||||||
data.update({'title': cls.technique_title()})
|
data.update({'title': cls.technique_title()})
|
||||||
data.update(cls.get_mitigation_by_status(status))
|
data.update(cls.get_mitigation_by_status(status))
|
||||||
|
|
@ -135,7 +132,6 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_mitigation_by_status(cls, status: ScanStatus) -> dict:
|
def get_mitigation_by_status(cls, status: ScanStatus) -> dict:
|
||||||
status = cls._check_status(status)
|
|
||||||
if status == ScanStatus.USED.value:
|
if status == ScanStatus.USED.value:
|
||||||
mitigation_document = AttackMitigations.get_mitigation_by_technique_id(str(cls.tech_id))
|
mitigation_document = AttackMitigations.get_mitigation_by_technique_id(str(cls.tech_id))
|
||||||
return {'mitigations': mitigation_document.to_mongo().to_dict()['mitigations']}
|
return {'mitigations': mitigation_document.to_mongo().to_dict()['mitigations']}
|
||||||
|
|
@ -143,11 +139,5 @@ class AttackTechnique(object, metaclass=abc.ABCMeta):
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _check_status(cls, status):
|
def is_enabled_in_config(cls) -> bool:
|
||||||
if status == ScanStatus.UNSCANNED.value and not cls._is_enabled_in_config():
|
return AttackConfig.get_technique_values()[cls.tech_id]
|
||||||
return ScanStatus.DISABLED.value
|
|
||||||
return status
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def _is_disabled_in_config(cls):
|
|
||||||
return not AttackConfig.get_technique_values()[cls.tech_id]
|
|
||||||
|
|
|
||||||
|
|
@ -39,16 +39,19 @@ class PostBreachTechnique(AttackTechnique, metaclass=abc.ABCMeta):
|
||||||
:return: Technique's report data aggregated from the database
|
:return: Technique's report data aggregated from the database
|
||||||
"""
|
"""
|
||||||
data = {'title': cls.technique_title(), 'info': []}
|
data = {'title': cls.technique_title(), 'info': []}
|
||||||
|
info = []
|
||||||
|
|
||||||
info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
|
if not cls.is_enabled_in_config():
|
||||||
|
status = ScanStatus.DISABLED.value
|
||||||
status = ScanStatus.UNSCANNED.value
|
else:
|
||||||
if info:
|
info = list(mongo.db.telemetry.aggregate(cls.get_pba_query(cls.pba_names)))
|
||||||
successful_PBAs = mongo.db.telemetry.count({
|
status = ScanStatus.UNSCANNED.value
|
||||||
'$or': [{'data.name': pba_name} for pba_name in cls.pba_names],
|
if info:
|
||||||
'data.result.1': True
|
successful_PBAs = mongo.db.telemetry.count({
|
||||||
})
|
'$or': [{'data.name': pba_name} for pba_name in cls.pba_names],
|
||||||
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
'data.result.1': True
|
||||||
|
})
|
||||||
|
status = ScanStatus.USED.value if successful_PBAs else ScanStatus.SCANNED.value
|
||||||
|
|
||||||
data.update(cls.get_base_data_by_status(status))
|
data.update(cls.get_base_data_by_status(status))
|
||||||
data.update({'info': info})
|
data.update({'info': info})
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue