Added elasticsearch test

This commit is contained in:
Shay Nehmad 2019-08-22 16:18:37 +03:00
parent 3fef55eefa
commit af8c7dc29f
1 changed files with 18 additions and 0 deletions

View File

@ -12,6 +12,7 @@ def test_open_data_endpoints(telemetry_json):
services = telemetry_json["data"]["machine"]["services"] services = telemetry_json["data"]["machine"]["services"]
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']) current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
found_http_server_status = STATUS_POSITIVE found_http_server_status = STATUS_POSITIVE
found_elastic_search_server = STATUS_POSITIVE
events = [ events = [
Event.create_event( Event.create_event(
@ -41,6 +42,17 @@ def test_open_data_endpoints(telemetry_json):
), ),
event_type=EVENT_TYPE_ISLAND event_type=EVENT_TYPE_ISLAND
)) ))
if service_name in 'elastic-search-9200':
found_elastic_search_server = STATUS_CONCLUSIVE
events.append(Event.create_event(
title="Scan telemetry analysis",
message="Service {} on {} recognized as an open data endpoint! Service details: {}".format(
service_data["display_name"],
telemetry_json["data"]["machine"]["ip_addr"],
json.dumps(service_data)
),
event_type=EVENT_TYPE_ISLAND
))
Finding.save_finding( Finding.save_finding(
test=TEST_DATA_ENDPOINT_HTTP, test=TEST_DATA_ENDPOINT_HTTP,
@ -48,6 +60,12 @@ def test_open_data_endpoints(telemetry_json):
events=events events=events
) )
Finding.save_finding(
test=TEST_DATA_ENDPOINT_ELASTIC,
status=found_elastic_search_server,
events=events
)
Finding.save_finding( Finding.save_finding(
test=TEST_MALICIOUS_ACTIVITY_TIMELINE, test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_INCONCLUSIVE, status=STATUS_INCONCLUSIVE,