Refactoring inconclusive to verify and recommendation to principle

Product writer's orders
Shay Nehmad 2019-09-10 23:44:03 +03:00
parent 5f02ebe1e0
commit cfd0c10d59
21 changed files with 167 additions and 182 deletions


@ -2,7 +2,7 @@
This file contains all the static data relating to Zero Trust. It is mostly used in the zero trust report generation and
in creating findings.
This file contains static mappings between zero trust components such as: pillars, recommendations, tests, statuses.
This file contains static mappings between zero trust components such as: pillars, principles, tests, statuses.
Some of the mappings are computed when this module is loaded.
"""
@ -17,10 +17,10 @@ PILLARS = (DATA, PEOPLE, NETWORKS, DEVICES, WORKLOADS, VISIBILITY_ANALYTICS, AUT
STATUS_UNEXECUTED = u"Unexecuted"
STATUS_PASSED = u"Passed"
STATUS_INCONCLUSIVE = u"Inconclusive"
STATUS_VERIFY = u"Verify"
STATUS_FAILED = u"Failed"
# Don't change order! The statuses are ordered by importance/severity.
ORDERED_TEST_STATUSES = [STATUS_FAILED, STATUS_INCONCLUSIVE, STATUS_PASSED, STATUS_UNEXECUTED]
ORDERED_TEST_STATUSES = [STATUS_FAILED, STATUS_VERIFY, STATUS_PASSED, STATUS_UNEXECUTED]
TEST_DATA_ENDPOINT_ELASTIC = u"unencrypted_data_endpoint_elastic"
TEST_DATA_ENDPOINT_HTTP = u"unencrypted_data_endpoint_http"
@ -43,27 +43,27 @@ TESTS = (
TEST_COMMUNICATE_AS_NEW_USER
)
RECOMMENDATION_DATA_TRANSIT = u"data_transit"
RECOMMENDATION_ENDPOINT_SECURITY = u"endpoint_security"
RECOMMENDATION_USER_BEHAVIOUR = u"user_behaviour"
RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
RECOMMENDATION_SEGMENTATION = u"segmentation"
RECOMMENDATION_RESTRICTIVE_NETWORK_POLICIES = u"network_policies"
RECOMMENDATION_USERS_MAC_POLICIES = u"users_mac_policies"
RECOMMENDATIONS = {
RECOMMENDATION_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
RECOMMENDATION_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
RECOMMENDATION_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
RECOMMENDATION_DATA_TRANSIT: u"Secure data at transit by encrypting it.",
RECOMMENDATION_RESTRICTIVE_NETWORK_POLICIES: u"Configure network policies to be as restrictive as possible.",
RECOMMENDATION_USERS_MAC_POLICIES: u"Users' permissions to the network and to resources should be MAC (Mandetory "
PRINCIPLE_DATA_TRANSIT = u"data_transit"
PRINCIPLE_ENDPOINT_SECURITY = u"endpoint_security"
PRINCIPLE_USER_BEHAVIOUR = u"user_behaviour"
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
PRINCIPLE_SEGMENTATION = u"segmentation"
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES = u"network_policies"
PRINCIPLE_USERS_MAC_POLICIES = u"users_mac_policies"
PRINCIPLES = {
PRINCIPLE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
PRINCIPLE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
PRINCIPLE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
PRINCIPLE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
PRINCIPLE_DATA_TRANSIT: u"Secure data at transit by encrypting it.",
PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES: u"Configure network policies to be as restrictive as possible.",
PRINCIPLE_USERS_MAC_POLICIES: u"Users' permissions to the network and to resources should be MAC (Mandetory "
u"Access Control) only.",
}
POSSIBLE_STATUSES_KEY = u"possible_statuses"
PILLARS_KEY = u"pillars"
RECOMMENDATION_KEY = u"recommendation_key"
PRINCIPLE_KEY = u"principle_key"
FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation"
TEST_EXPLANATION_KEY = u"explanation"
TESTS_MAP = {
@ -73,18 +73,18 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey performed cross-segment communication. Check firewall rules and logs.",
STATUS_PASSED: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
},
RECOMMENDATION_KEY: RECOMMENDATION_SEGMENTATION,
PRINCIPLE_KEY: PRINCIPLE_SEGMENTATION,
PILLARS_KEY: [NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_PASSED, STATUS_FAILED]
},
TEST_MALICIOUS_ACTIVITY_TIMELINE: {
TEST_EXPLANATION_KEY: u"The Monkeys in the network performed malicious-looking actions, like scanning and attempting exploitation.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_INCONCLUSIVE: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
STATUS_VERIFY: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
},
RECOMMENDATION_KEY: RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC,
PRINCIPLE_KEY: PRINCIPLE_ANALYZE_NETWORK_TRAFFIC,
PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
},
TEST_ENDPOINT_SECURITY_EXISTS: {
TEST_EXPLANATION_KEY: u"The Monkey checked if there is an active process of an endpoint security software.",
@ -92,7 +92,7 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
STATUS_PASSED: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
},
RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
PILLARS_KEY: [DEVICES],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -102,19 +102,19 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
STATUS_PASSED: "Monkey didn't manage to exploit an endpoint."
},
RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
PRINCIPLE_KEY: PRINCIPLE_ENDPOINT_SECURITY,
PILLARS_KEY: [DEVICES],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_INCONCLUSIVE]
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_VERIFY]
},
TEST_SCHEDULED_EXECUTION: {
TEST_EXPLANATION_KEY: "The Monkey was executed in a scheduled manner.",
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_INCONCLUSIVE: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software.",
STATUS_VERIFY: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software.",
STATUS_PASSED: "Monkey failed to execute in a scheduled manner."
},
RECOMMENDATION_KEY: RECOMMENDATION_USER_BEHAVIOUR,
PRINCIPLE_KEY: PRINCIPLE_USER_BEHAVIOUR,
PILLARS_KEY: [PEOPLE, NETWORKS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_VERIFY]
},
TEST_DATA_ENDPOINT_ELASTIC: {
TEST_EXPLANATION_KEY: u"The Monkey scanned for unencrypted access to ElasticSearch instances.",
@ -122,7 +122,7 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
STATUS_PASSED: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
},
RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -132,7 +132,7 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
STATUS_PASSED: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
},
RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
PRINCIPLE_KEY: PRINCIPLE_DATA_TRANSIT,
PILLARS_KEY: [DATA],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -141,7 +141,7 @@ TESTS_MAP = {
FINDING_EXPLANATION_BY_STATUS_KEY: {
STATUS_FAILED: "Monkey was tunneled its traffic using other monkeys. Your network policies are too permissive - restrict them."
},
RECOMMENDATION_KEY: RECOMMENDATION_RESTRICTIVE_NETWORK_POLICIES,
PRINCIPLE_KEY: PRINCIPLE_RESTRICTIVE_NETWORK_POLICIES,
PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED]
},
@ -151,7 +151,7 @@ TESTS_MAP = {
STATUS_FAILED: "Monkey was able to cause a new user to access the network. Your network policies are too permissive - restrict them to MAC only.",
STATUS_PASSED: "Monkey wasn't able to cause a new user to access the network."
},
RECOMMENDATION_KEY: RECOMMENDATION_USERS_MAC_POLICIES,
PRINCIPLE_KEY: PRINCIPLE_USERS_MAC_POLICIES,
PILLARS_KEY: [PEOPLE, NETWORKS, VISIBILITY_ANALYTICS],
POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_FAILED, STATUS_PASSED]
},
@ -171,15 +171,15 @@ PILLARS_TO_TESTS = {
AUTOMATION_ORCHESTRATION: []
}
RECOMMENDATIONS_TO_TESTS = {}
PRINCIPLES_TO_TESTS = {}
RECOMMENDATIONS_TO_PILLARS = {}
PRINCIPLES_TO_PILLARS = {}
def populate_mappings():
populate_pillars_to_tests()
populate_recommendations_to_tests()
populate_recommendations_to_pillars()
populate_principles_to_tests()
populate_principles_to_pillars()
def populate_pillars_to_tests():
@ -189,17 +189,17 @@ def populate_pillars_to_tests():
PILLARS_TO_TESTS[pillar].append(test)
def populate_recommendations_to_tests():
for single_recommendation in RECOMMENDATIONS:
RECOMMENDATIONS_TO_TESTS[single_recommendation] = []
def populate_principles_to_tests():
for single_principle in PRINCIPLES:
PRINCIPLES_TO_TESTS[single_principle] = []
for test, test_info in TESTS_MAP.items():
RECOMMENDATIONS_TO_TESTS[test_info[RECOMMENDATION_KEY]].append(test)
PRINCIPLES_TO_TESTS[test_info[PRINCIPLE_KEY]].append(test)
def populate_recommendations_to_pillars():
for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
recommendations_pillars = set()
for test in recommendation_tests:
def populate_principles_to_pillars():
for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
principles_pillars = set()
for test in principle_tests:
for pillar in TESTS_MAP[test][PILLARS_KEY]:
recommendations_pillars.add(pillar)
RECOMMENDATIONS_TO_PILLARS[recommendation] = recommendations_pillars
principles_pillars.add(pillar)
PRINCIPLES_TO_PILLARS[principle] = principles_pillars
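Review bot: Changing the persisted value behind the status constant from `u"Inconclusive"` to `u"Verify"` (the `STATUS_VERIFY` line in the second hunk) orphans any Finding document already stored with status "Inconclusive": that value no longer appears in ORDERED_TEST_STATUSES, so the `results` dict in ZeroTrustService.get_statuses_to_pillars has no bucket for it, and the distinct-status set folded in `__get_principle_status` will carry a value the ranking loop (whose body is outside its hunk) was not written for. Unless the finding collection is dropped on upgrade, this needs either a one-off migration that rewrites status "Inconclusive" to "Verify" or a legacy-value mapping where findings are loaded. Separately, the renamed PRINCIPLE_USERS_MAC_POLICIES entry keeps the user-visible typo `(Mandetory `; `u"Users' permissions to the network and to resources should be MAC (Mandatory "` fixes it.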


@ -14,12 +14,12 @@ from monkey_island.cc.models.zero_trust.event import Event
class Finding(Document):
"""
This model represents a Zero-Trust finding: A result of a test the monkey/island might perform to see if a
specific recommendation of zero trust is upheld or broken.
specific principle of zero trust is upheld or broken.
Findings might have the following statuses:
Failed
Meaning that we are sure that something is wrong (example: segmentation issue).
Inconclusive
Verify
Meaning that we need the user to check something himself (example: 2FA logs, AV missing).
Passed
Meaning that we are sure that something is correct (example: Monkey failed exploiting).


@ -11,7 +11,7 @@ class TestAggregateFinding(IslandTestCase):
self.clean_finding_db()
test = TEST_MALICIOUS_ACTIVITY_TIMELINE
status = STATUS_INCONCLUSIVE
status = STATUS_VERIFY
events = [Event.create_event("t", "t", EVENT_TYPE_ISLAND)]
self.assertEquals(len(Finding.objects(test=test, status=status)), 0)
@ -30,7 +30,7 @@ class TestAggregateFinding(IslandTestCase):
self.clean_finding_db()
test = TEST_MALICIOUS_ACTIVITY_TIMELINE
status = STATUS_INCONCLUSIVE
status = STATUS_VERIFY
event = Event.create_event("t", "t", EVENT_TYPE_ISLAND)
events = [event]
self.assertEquals(len(Finding.objects(test=test, status=status)), 0)


@ -14,7 +14,7 @@ REPORT_TYPES = [SECURITY_REPORT_TYPE, ZERO_TRUST_REPORT_TYPE]
REPORT_DATA_PILLARS = "pillars"
REPORT_DATA_FINDINGS = "findings"
REPORT_DATA_RECOMMENDATIONS_STATUS = "recommendations"
REPORT_DATA_PRINCIPLES_STATUS = "principles"
__author__ = ["itay.mizeretz", "shay.nehmad"]
@ -33,8 +33,8 @@ class Report(flask_restful.Resource):
"grades": ZeroTrustService.get_pillars_grades()
}
)
elif report_data == REPORT_DATA_RECOMMENDATIONS_STATUS:
return jsonify(ZeroTrustService.get_recommendations_status())
elif report_data == REPORT_DATA_PRINCIPLES_STATUS:
return jsonify(ZeroTrustService.get_principles_status())
elif report_data == REPORT_DATA_FINDINGS:
return jsonify(ZeroTrustService.get_all_findings())


@ -11,12 +11,12 @@ def save_example_findings():
Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_PASSED, []) # devices passed = 2
Finding.save_finding(TEST_ENDPOINT_SECURITY_EXISTS, STATUS_FAILED, []) # devices failed = 1
# devices unexecuted = 1
# people inconclusive = 1
# networks inconclusive = 1
Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_INCONCLUSIVE, [])
# people inconclusive = 2
# networks inconclusive = 2
Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_INCONCLUSIVE, [])
# people verify = 1
# networks verify = 1
Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, [])
# people verify = 2
# networks verify = 2
Finding.save_finding(TEST_SCHEDULED_EXECUTION, STATUS_VERIFY, [])
# data failed 1
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, [])
# data failed 2
@ -27,10 +27,10 @@ def save_example_findings():
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, [])
# data failed 5
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_FAILED, [])
# data inconclusive 1
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_INCONCLUSIVE, [])
# data inconclusive 2
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_INCONCLUSIVE, [])
# data verify 1
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, [])
# data verify 2
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_VERIFY, [])
# data passed 1
Finding.save_finding(TEST_DATA_ENDPOINT_HTTP, STATUS_PASSED, [])
@ -45,49 +45,49 @@ class TestZeroTrustService(IslandTestCase):
expected = [
{
STATUS_FAILED: 5,
STATUS_INCONCLUSIVE: 2,
STATUS_VERIFY: 2,
STATUS_PASSED: 1,
STATUS_UNEXECUTED: 1,
"pillar": "Data"
},
{
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 2,
STATUS_VERIFY: 2,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 0,
"pillar": "People"
},
{
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 2,
STATUS_VERIFY: 2,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 2,
"pillar": "Networks"
},
{
STATUS_FAILED: 1,
STATUS_INCONCLUSIVE: 0,
STATUS_VERIFY: 0,
STATUS_PASSED: 2,
STATUS_UNEXECUTED: 1,
"pillar": "Devices"
},
{
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 0,
STATUS_VERIFY: 0,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 0,
"pillar": "Workloads"
},
{
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 0,
STATUS_VERIFY: 0,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 1,
"pillar": "Visibility & Analytics"
},
{
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 0,
STATUS_VERIFY: 0,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 0,
"pillar": "Automation & Orchestration"
@ -98,7 +98,7 @@ class TestZeroTrustService(IslandTestCase):
self.assertEquals(result, expected)
def test_get_recommendations_status(self):
def test_get_principles_status(self):
self.fail_if_not_testing_env()
self.clean_finding_db()
@ -108,7 +108,7 @@ class TestZeroTrustService(IslandTestCase):
AUTOMATION_ORCHESTRATION: [],
DATA: [
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_DATA_TRANSIT],
"principle": PRINCIPLES[PRINCIPLE_DATA_TRANSIT],
"status": STATUS_FAILED,
"tests": [
{
@ -124,7 +124,7 @@ class TestZeroTrustService(IslandTestCase):
],
DEVICES: [
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ENDPOINT_SECURITY],
"principle": PRINCIPLES[PRINCIPLE_ENDPOINT_SECURITY],
"status": STATUS_FAILED,
"tests": [
{
@ -140,7 +140,7 @@ class TestZeroTrustService(IslandTestCase):
],
NETWORKS: [
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_SEGMENTATION],
"principle": PRINCIPLES[PRINCIPLE_SEGMENTATION],
"status": STATUS_UNEXECUTED,
"tests": [
{
@ -150,17 +150,17 @@ class TestZeroTrustService(IslandTestCase):
]
},
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
"status": STATUS_INCONCLUSIVE,
"principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR],
"status": STATUS_VERIFY,
"tests": [
{
"status": STATUS_INCONCLUSIVE,
"status": STATUS_VERIFY,
"test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY]
}
]
},
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
"principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC],
"status": STATUS_UNEXECUTED,
"tests": [
{
@ -172,11 +172,11 @@ class TestZeroTrustService(IslandTestCase):
],
PEOPLE: [
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
"status": STATUS_INCONCLUSIVE,
"principle": PRINCIPLES[PRINCIPLE_USER_BEHAVIOUR],
"status": STATUS_VERIFY,
"tests": [
{
"status": STATUS_INCONCLUSIVE,
"status": STATUS_VERIFY,
"test": TESTS_MAP[TEST_SCHEDULED_EXECUTION][TEST_EXPLANATION_KEY]
}
]
@ -184,7 +184,7 @@ class TestZeroTrustService(IslandTestCase):
],
"Visibility & Analytics": [
{
"recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
"principle": PRINCIPLES[PRINCIPLE_ANALYZE_NETWORK_TRAFFIC],
"status": STATUS_UNEXECUTED,
"tests": [
{
@ -197,7 +197,7 @@ class TestZeroTrustService(IslandTestCase):
"Workloads": []
}
self.assertEquals(ZeroTrustService.get_recommendations_status(), expected)
self.assertEquals(ZeroTrustService.get_principles_status(), expected)
def test_get_pillars_to_statuses(self):
self.fail_if_not_testing_env()
@ -222,8 +222,8 @@ class TestZeroTrustService(IslandTestCase):
expected = {
AUTOMATION_ORCHESTRATION: STATUS_UNEXECUTED,
DEVICES: STATUS_FAILED,
NETWORKS: STATUS_INCONCLUSIVE,
PEOPLE: STATUS_INCONCLUSIVE,
NETWORKS: STATUS_VERIFY,
PEOPLE: STATUS_VERIFY,
VISIBILITY_ANALYTICS: STATUS_UNEXECUTED,
WORKLOADS: STATUS_UNEXECUTED,
DATA: STATUS_FAILED


@ -17,7 +17,7 @@ class ZeroTrustService(object):
pillar_grade = {
"pillar": pillar,
STATUS_FAILED: 0,
STATUS_INCONCLUSIVE: 0,
STATUS_VERIFY: 0,
STATUS_PASSED: 0,
STATUS_UNEXECUTED: 0
}
@ -39,30 +39,30 @@ class ZeroTrustService(object):
return pillar_grade
@staticmethod
def get_recommendations_status():
all_recommendations_statuses = {}
def get_principles_status():
all_principles_statuses = {}
# init with empty lists
for pillar in PILLARS:
all_recommendations_statuses[pillar] = []
all_principles_statuses[pillar] = []
for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
for pillar in RECOMMENDATIONS_TO_PILLARS[recommendation]:
all_recommendations_statuses[pillar].append(
for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
for pillar in PRINCIPLES_TO_PILLARS[principle]:
all_principles_statuses[pillar].append(
{
"recommendation": RECOMMENDATIONS[recommendation],
"tests": ZeroTrustService.__get_tests_status(recommendation_tests),
"status": ZeroTrustService.__get_recommendation_status(recommendation_tests)
"principle": PRINCIPLES[principle],
"tests": ZeroTrustService.__get_tests_status(principle_tests),
"status": ZeroTrustService.__get_principle_status(principle_tests)
}
)
return all_recommendations_statuses
return all_principles_statuses
@staticmethod
def __get_recommendation_status(recommendation_tests):
def __get_principle_status(principle_tests):
worst_status = STATUS_UNEXECUTED
all_statuses = set()
for test in recommendation_tests:
for test in principle_tests:
all_statuses |= set(Finding.objects(test=test).distinct("status"))
for status in all_statuses:
@ -72,9 +72,9 @@ class ZeroTrustService(object):
return worst_status
@staticmethod
def __get_tests_status(recommendation_tests):
def __get_tests_status(principle_tests):
results = []
for test in recommendation_tests:
for test in principle_tests:
test_findings = Finding.objects(test=test)
results.append(
{
@ -124,7 +124,7 @@ class ZeroTrustService(object):
def get_statuses_to_pillars():
results = {
STATUS_FAILED: [],
STATUS_INCONCLUSIVE: [],
STATUS_VERIFY: [],
STATUS_PASSED: [],
STATUS_UNEXECUTED: []
}
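Review bot: In get_principles_status the entry dict is rebuilt inside the `for pillar in PRINCIPLES_TO_PILLARS[principle]` loop, so `__get_tests_status` and `__get_principle_status` — each of which runs Finding queries per test — are re-executed once for every pillar a principle maps to, although neither depends on the pillar. Building the entry once per principle and appending it to each pillar's list gives the same JSON (the dict is shared between pillars, which is harmless for jsonify) with a single round of queries. The method is also the public entry point behind the principles report endpoint and has no docstring; a short one stating that it returns a dict keyed by every pillar in PILLARS, each value a list of `{"principle", "tests", "status"}` entries (empty for pillars with no principles), would help the report maintainers.
```python
        for principle, principle_tests in PRINCIPLES_TO_TESTS.items():
            # Build the entry once: the Finding queries do not depend on the pillar.
            principle_status = {
                "principle": PRINCIPLES[principle],
                "tests": ZeroTrustService.__get_tests_status(principle_tests),
                "status": ZeroTrustService.__get_principle_status(principle_tests)
            }
            for pillar in PRINCIPLES_TO_PILLARS[principle]:
                all_principles_statuses[pillar].append(principle_status)
        # … unchanged: return all_principles_statuses …
```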


@ -69,6 +69,6 @@ def test_open_data_endpoints(telemetry_json):
AggregateFinding.create_or_add_to_existing(
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_INCONCLUSIVE,
status=STATUS_VERIFY,
events=events
)


@ -38,6 +38,6 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
AggregateFinding.create_or_add_to_existing(
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_INCONCLUSIVE,
status=STATUS_VERIFY,
events=events
)


@ -1,4 +1,4 @@
from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_INCONCLUSIVE, \
from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_VERIFY, \
TEST_MALICIOUS_ACTIVITY_TIMELINE
from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding
@ -26,6 +26,6 @@ def test_tunneling_violation(tunnel_telemetry_json):
AggregateFinding.create_or_add_to_existing(
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_INCONCLUSIVE,
status=STATUS_VERIFY,
events=tunneling_events
)


@ -8,7 +8,7 @@ import PrintReportButton from "../report-components/common/PrintReportButton";
import {extractExecutionStatusFromServerResponse} from "../report-components/common/ExecutionStatus";
import SummarySection from "../report-components/zerotrust/SummarySection";
import FindingsSection from "../report-components/zerotrust/FindingsSection";
import RecommendationsSection from "../report-components/zerotrust/RecommendationsSection";
import PrinciplesSection from "../report-components/zerotrust/PrinciplesSection";
class ZeroTrustReportPageComponent extends AuthComponent {
@ -72,8 +72,8 @@ class ZeroTrustReportPageComponent extends AuthComponent {
} else {
content = <div id="MainContentSection">
<SummarySection allMonkeysAreDead={this.state.allMonkeysAreDead} pillars={this.state.pillars}/>
<RecommendationsSection recommendations={this.state.recommendations}
pillarsToStatuses={this.state.pillars.pillarsToStatuses}/>
<PrinciplesSection principles={this.state.principles}
pillarsToStatuses={this.state.pillars.pillarsToStatuses}/>
<FindingsSection pillarsToStatuses={this.state.pillars.pillarsToStatuses} findings={this.state.findings}/>
</div>;
}
@ -102,7 +102,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
stillLoadingDataFromServer() {
return typeof this.state.findings === "undefined"
|| typeof this.state.pillars === "undefined"
|| typeof this.state.recommendations === "undefined";
|| typeof this.state.principles === "undefined";
}
getZeroTrustReportFromServer() {
@ -114,11 +114,11 @@ class ZeroTrustReportPageComponent extends AuthComponent {
findings: res
});
});
this.authFetch('/api/report/zero_trust/recommendations')
this.authFetch('/api/report/zero_trust/principles')
.then(res => res.json())
.then(res => {
this.setState({
recommendations: res
principles: res
});
});
this.authFetch('/api/report/zero_trust/pillars')
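Review bot: The new `/api/report/zero_trust/principles` fetch chain in the last hunk has no rejection handler, so a failed request or non-JSON body leaves `this.state.principles` undefined and stillLoadingDataFromServer() (third hunk) keeps reporting "still loading" with no error surfaced. The sibling fetches look the same, though only this one is changed here. Ending the chain with `.catch(err => console.error('Failed to load zero trust principles', err));` at least makes the failure visible; setting an error flag in state that the render path can show would be better. getZeroTrustReportFromServer continues outside the hunk.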


@ -35,7 +35,7 @@ class FindingsSection extends Component {
</p>
<FindingsTable data={findingsByStatus[ZeroTrustStatuses.failed]} status={ZeroTrustStatuses.failed}/>
<FindingsTable data={findingsByStatus[ZeroTrustStatuses.inconclusive]} status={ZeroTrustStatuses.inconclusive}/>
<FindingsTable data={findingsByStatus[ZeroTrustStatuses.verify]} status={ZeroTrustStatuses.verify}/>
<FindingsTable data={findingsByStatus[ZeroTrustStatuses.passed]} status={ZeroTrustStatuses.passed}/>
</div>
);


@ -0,0 +1,29 @@
import React, {Component} from "react";
import SinglePillarPrinciplesStatus from "./SinglePillarPrinciplesStatus";
import * as PropTypes from "prop-types";
export default class PrinciplesSection extends Component {
render() {
return <div id="principles-section">
<h2>Test Results</h2>
<p>
The Zero Trust eXtended (ZTX) framework is composed of 7 pillars. Each pillar is built of
several guiding principles tested by the Infection Monkey.
</p>
{
Object.keys(this.props.principles).map((pillar) =>
<SinglePillarPrinciplesStatus
key={pillar}
pillar={pillar}
principlesStatus={this.props.principles[pillar]}
pillarsToStatuses={this.props.pillarsToStatuses}/>
)
}
</div>
}
}
PrinciplesSection.propTypes = {
principles: PropTypes.object,
pillarsToStatuses: PropTypes.object
};
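Review bot: PrinciplesSection.render calls `Object.keys(this.props.principles)` while the propTypes block declares `principles` as an optional `PropTypes.object`, so rendering the component before the principles response has arrived throws rather than warning; the parent page currently guards this with its loading check, but the contract should be stated on the component itself. Use `principles: PropTypes.object.isRequired,` and `pillarsToStatuses: PropTypes.object.isRequired` (the latter is passed straight through to SinglePillarPrinciplesStatus). Note also that the pillar order shown is whatever key order the server's JSON object arrives in, not the fixed PILLARS order; if ordering matters for the report, sort the keys explicitly.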


@ -16,7 +16,7 @@ const columns = [
},
maxWidth: MAX_WIDTH_STATUS_COLUMN
},
{ Header: 'ZT Recommendation', accessor: 'recommendation',
{ Header: 'Zero Trust Principle', accessor: 'principle',
style: {'whiteSpace': 'unset'} // This enables word wrap
},
{ Header: 'Monkey Tests', id: 'tests',
@ -34,7 +34,7 @@ class TestsStatus extends AuthComponent {
return (
<Fragment>
{this.getFilteredTestsByStatusIfAny(ZeroTrustStatuses.failed)}
{this.getFilteredTestsByStatusIfAny(ZeroTrustStatuses.inconclusive)}
{this.getFilteredTestsByStatusIfAny(ZeroTrustStatuses.verify)}
{this.getFilteredTestsByStatusIfAny(ZeroTrustStatuses.passed)}
{this.getFilteredTestsByStatusIfAny(ZeroTrustStatuses.unexecuted)}
</Fragment>
@ -60,12 +60,12 @@ class TestsStatus extends AuthComponent {
}
}
export class RecommendationsStatusTable extends AuthComponent {
export class PrinciplesStatusTable extends AuthComponent {
render() {
return <PaginatedTable data={this.props.recommendationsStatus} columns={columns} pageSize={5}/>;
return <PaginatedTable data={this.props.principlesStatus} columns={columns} pageSize={5}/>;
}
}
export default RecommendationsStatusTable;
export default PrinciplesStatusTable;
RecommendationsStatusTable.propTypes = {recommendationsStatus: PropTypes.array};
PrinciplesStatusTable.propTypes = {principlesStatus: PropTypes.array};


@ -1,29 +0,0 @@
import React, {Component} from "react";
import SinglePillarRecommendationsStatus from "./SinglePillarRecommendationsStatus";
import * as PropTypes from "prop-types";
export default class RecommendationsSection extends Component {
render() {
return <div id="recommendations-section">
<h2>Recommendations</h2>
<p>
Analyze each zero trust recommendation by pillar, and see if you've followed through with it. See test results
to understand how the monkey tested your adherence to that recommendation.
</p>
{
Object.keys(this.props.recommendations).map((pillar) =>
<SinglePillarRecommendationsStatus
key={pillar}
pillar={pillar}
recommendationsStatus={this.props.recommendations[pillar]}
pillarsToStatuses={this.props.pillarsToStatuses}/>
)
}
</div>
}
}
RecommendationsSection.propTypes = {
recommendations: PropTypes.object,
pillarsToStatuses: PropTypes.object
};


@ -36,7 +36,7 @@ class ZeroTrustReportLegend extends Component {
</li>
<li>
<div style={{display: "inline-block"}}>
<StatusLabel showText={true} status={ZeroTrustStatuses.inconclusive}/>
<StatusLabel showText={true} status={ZeroTrustStatuses.verify}/>
</div>
{"\t"}At least one of the tests results related to this component requires further manual verification.
</li>
@ -50,11 +50,10 @@ class ZeroTrustReportLegend extends Component {
<div style={{display: "inline-block"}}>
<StatusLabel showText={true} status={ZeroTrustStatuses.unexecuted}/>
</div>
{"\t"}This status means the test wasn't executed.
{"\t"}This status means the test wasn't executed.To activate more tests, refer to the Monkey <NavLink to="/configuration"><u>configuration</u></NavLink> page.
</li>
</ul>
<hr />
To activate more tests, go to the Monkey <NavLink to="/configuration"><u>configuration</u></NavLink> page.n
</div>;
}
}
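Review bot: The merged legend text in the second hunk drops the space after the first sentence and renders as "wasn't executed.To activate more tests"; the line should read `{"\t"}This status means the test wasn't executed. To activate more tests, refer to the Monkey <NavLink to="/configuration"><u>configuration</u></NavLink> page.`. With the footer sentence removed, the `<hr />` that preceded it now appears to separate the list from nothing and could presumably go as well. The render method continues outside the hunk.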


@ -1,13 +1,13 @@
import AuthComponent from "../../AuthComponent";
import PillarLabel from "./PillarLabel";
import RecommendationsStatusTable from "./RecommendationsStatusTable";
import PrinciplesStatusTable from "./PrinciplesStatusTable";
import React from "react";
import * as PropTypes from "prop-types";
import {Panel} from "react-bootstrap";
export default class SinglePillarRecommendationsStatus extends AuthComponent {
export default class SinglePillarPrinciplesStatus extends AuthComponent {
render() {
if (this.props.recommendationsStatus.length === 0) {
if (this.props.principlesStatus.length === 0) {
return null;
}
else {
@ -22,7 +22,7 @@ export default class SinglePillarRecommendationsStatus extends AuthComponent {
</Panel.Heading>
<Panel.Collapse>
<Panel.Body>
<RecommendationsStatusTable recommendationsStatus={this.props.recommendationsStatus}/>
<PrinciplesStatusTable principlesStatus={this.props.principlesStatus}/>
</Panel.Body>
</Panel.Collapse>
</Panel>
@ -31,7 +31,7 @@ export default class SinglePillarRecommendationsStatus extends AuthComponent {
}
}
SinglePillarRecommendationsStatus.propTypes = {
recommendationsStatus: PropTypes.array,
SinglePillarPrinciplesStatus.propTypes = {
principlesStatus: PropTypes.array,
pillar: PropTypes.string,
};
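Review bot: SinglePillarPrinciplesStatus.propTypes (last hunk) declares only `principlesStatus` and `pillar`, yet PrinciplesSection passes a `pillarsToStatuses` prop as well; either declare it (`pillarsToStatuses: PropTypes.object,`) or stop passing it — whether render reads it cannot be seen here, since the render body is cut off between the hunks. Since render dereferences `this.props.principlesStatus.length` unconditionally, `principlesStatus: PropTypes.array.isRequired,` describes the actual contract better than the optional array.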


@ -3,14 +3,14 @@ import * as PropTypes from "prop-types";
const statusToIcon = {
"Passed": "fa-check",
"Inconclusive": "fa-exclamation-triangle",
"Verify": "fa-exclamation-triangle",
"Failed": "fa-bomb",
"Unexecuted": "fa-question",
};
export const statusToLabelType = {
"Passed": "label-success",
"Inconclusive": "label-warning",
"Verify": "label-warning",
"Failed": "label-danger",
"Unexecuted": "label-default",
};


@ -8,7 +8,7 @@ export default class StatusesToPillarsSummary extends Component {
render() {
return (<div id="piilar-summary">
{this.getStatusSummary(ZeroTrustStatuses.failed)}
{this.getStatusSummary(ZeroTrustStatuses.inconclusive)}
{this.getStatusSummary(ZeroTrustStatuses.verify)}
{this.getStatusSummary(ZeroTrustStatuses.passed)}
{this.getStatusSummary(ZeroTrustStatuses.unexecuted)}
</div>);


@ -14,7 +14,8 @@ export default class SummarySection extends Component {
<Col xs={12} sm={12} md={12} lg={12}>
<MonkeysStillAliveWarning allMonkeysAreDead={this.props.allMonkeysAreDead}/>
<p>
Get a quick glance of the status for each of Zero Trust's seven pillars.
Get a quick glance at how your network aligns with the <a href="https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210">Zero
Trust eXtended (ZTX) framework</a>.
</p>
</Col>
</Row>
@ -27,20 +28,6 @@ export default class SummarySection extends Component {
<ZeroTrustReportLegend/>
</Col>
</Row>
<Row>
<Col xs={12} sm={12} md={12} lg={12}>
<h4>What am I seeing?</h4>
<p>
The <a href="https://www.forrester.com/report/The+Zero+Trust+eXtended+ZTX+Ecosystem/-/E-RES137210">Zero
Trust eXtended framework</a> categorizes its <b>recommendations</b> into 7 <b>pillars</b>. Infection
Monkey
Zero Trust edition tests some of those recommendations. The <b>tests</b> that the monkey executes
produce <b>findings</b>. The tests, recommendations and pillars are then granted a <b>status</b> in
accordance
with the tests results.
</p>
</Col>
</Row>
</Grid>
</div>
}


@ -10,7 +10,7 @@ export const ZeroTrustPillars = {
export const ZeroTrustStatuses = {
failed: "Failed",
inconclusive: "Inconclusive",
verify: "Verify",
passed: "Passed",
unexecuted: "Unexecuted"
};


@ -78,23 +78,22 @@ class VennDiagram extends React.Component {
RULE #1: All scores have to be equal 0, except Unexecuted [U] which could be also a negative integer
sum(C, I, P) has to be <=0
RULE #2: Conclusive [C] has to be > 0,
RULE #2: Failed [C] has to be > 0,
sum(C) > 0
RULE #3: Inconclusive [I] has to be > 0 while Conclusive has to be 0,
RULE #3: Verify [I] has to be > 0 while Failed has to be 0,
sum(C, I) > 0 and C * I = 0, while C has to be 0
RULE #4: By process of elimination, passed.
if the P is bigger by 2 then negative U, first conditional
would be true.
*/
this.rules = [
{
id: 'Rule #1', status: ZeroTrustStatuses.unexecuted, hex: '#777777', f: function (d_) {
return d_[ZeroTrustStatuses.failed] + d_[ZeroTrustStatuses.inconclusive] + d_[ZeroTrustStatuses.passed] === 0;
return d_[ZeroTrustStatuses.failed] + d_[ZeroTrustStatuses.verify] + d_[ZeroTrustStatuses.passed] === 0;
}
},
{
@ -103,8 +102,8 @@ class VennDiagram extends React.Component {
}
},
{
id: 'Rule #3', status: 'Inconclusive', hex: '#F0AD4E', f: function (d_) {
return d_[ZeroTrustStatuses.failed] === 0 && d_[ZeroTrustStatuses.inconclusive] > 0;
id: 'Rule #3', status: ZeroTrustStatuses.verify, hex: '#F0AD4E', f: function (d_) {
return d_[ZeroTrustStatuses.failed] === 0 && d_[ZeroTrustStatuses.verify] > 0;
}
},
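Review bot: The rules comment in the first hunk now reads "Failed [C]" and "Verify [I]" — the letters were left over from Conclusive/Inconclusive and no longer abbreviate anything, while the formulas below still say `sum(C, I, P)` and `C * I = 0`. Rename the tags to `[F]` and `[V]` throughout that comment (including the RULE #1 and RULE #3 formulas) so a reader can map them to `ZeroTrustStatuses.failed` and `ZeroTrustStatuses.verify` in the rule functions. RULE #1's text also says the sum "has to be <=0" whereas the code tests `=== 0`; if counts can never be negative the two agree, but the comment should say what the code checks. The constructor continues outside the hunk.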
{