Commit Graph

9856 Commits

Author SHA1 Message Date
Shreya Malviya 512403c1e0 UI: Fix spelling mistake on configuration page 2022-08-22 18:06:53 +05:30
Mike Salvatore b7b3f28213 UT: Fix formatting in test_transforms.py 2022-08-22 08:02:25 -04:00
Ilija Lazoroski 789ca96bb0 BB: Set island mode to Custom 2022-08-19 12:13:59 -04:00
Mike Salvatore 0e78129515 Common: Rename OperatingSystems -> OperatingSystem
By convention, Enum names are singular.
2022-08-19 12:10:43 -04:00
Mike Salvatore 9fb0532646 IT: Speed up ransomware extension test by disabling readme feature
Reduces the runtime from 1.25s to under 0.005s
2022-08-19 11:53:36 -04:00
Mike Salvatore 19d6333f2c Merge branch 'machine-agent-node-models' into develop 2022-08-19 11:41:30 -04:00
Mike Salvatore 4769b0edc8 Project: Add fields from some models to vulture_allowlist.py 2022-08-19 11:31:14 -04:00
Mike Salvatore 4a05c5a250 Island: Add agent model 2022-08-19 11:31:14 -04:00
Mike Salvatore a625cc4583 Island: Rename Machine.node_id -> hardware_id
"hardware_id" more accurately explains the data we want to store. It
also avoids any confusion resulting from overloading the term "node".
2022-08-19 11:31:14 -04:00
Mike Salvatore 59fd83f0a0 Island: Add Node model 2022-08-19 11:31:14 -04:00
Mike Salvatore 5b4b7f0049 Island: Use make_immutable_sequence() when constructing Machine 2022-08-19 11:31:14 -04:00
Mike Salvatore b3bfc598a3 Island: Add transform functions to make immutable copies of sequences 2022-08-19 11:31:14 -04:00
Mike Salvatore 3fd7051869 Island: Add MachineID type definition 2022-08-19 11:31:14 -04:00
Mike Salvatore 54db99350d Island: Add CommunicationType Enum 2022-08-19 11:31:14 -04:00
Mike Salvatore b6e04074a4 Island: Make Machine.network_interfaces immutable 2022-08-19 11:31:14 -04:00
Mike Salvatore a4a4613a66 Island: Add a Machine model 2022-08-19 11:31:14 -04:00
Mike Salvatore 09474ac1fe Island: Add base models for pydantic classes 2022-08-19 11:31:11 -04:00
Mike Salvatore b5581d76b2 Island: Add pydantic to Python dependencies 2022-08-19 11:30:07 -04:00
Mike Salvatore e0d3f5c666 Docs: Fix spelling error in ransomware simulation docs 2022-08-19 09:50:20 -04:00
Mike Salvatore ce390e41b8
Merge pull request #2206 from guardicore/1242-allow-custom-ransomware-extension
1242 allow custom ransomware extension
2022-08-19 09:48:34 -04:00
Mike Salvatore 11b6797a0a Changelog: Fix spelling error 2022-08-19 09:47:10 -04:00
Kekoa Kaaikala 9a449a6a99 Changelog: Add entry for custom file extension 2022-08-19 13:08:16 +00:00
Ilija Lazoroski 9b08b2942f Agent: Initialize MimikatzCollector with a event_queue 2022-08-19 10:12:43 +02:00
Kekoa Kaaikala 59ad57ccbd Agent: Discard the right file extension 2022-08-18 17:51:24 +00:00
Kekoa Kaaikala b5c6240190 UT: Move a ransomware test to integration_tests 2022-08-18 17:46:55 +00:00
Kekoa Kaaikala baa1687487 Docs: Add a section for custom file extension 2022-08-18 16:47:57 +00:00
Kekoa Kaaikala 9cbee5ba6d UT: Test that ransomware applies the file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 880c2fe707 Agent: Add file extension to ransomware 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 0797afb9a0 UI: Allow for empty file extension 2022-08-18 15:30:28 +00:00
Kekoa Kaaikala 194f08c294 Agent: Add file extension to default agent config 2022-08-18 15:30:21 +00:00
Kekoa Kaaikala ae1fbb7cc5 Agent: Add file extension to RansomwareOptions 2022-08-18 15:30:14 +00:00
ilija-lazoroski 808bf5fee9
Merge pull request #2205 from guardicore/2179-create-ieventserializer
Event serializer
2022-08-18 16:06:14 +02:00
Ilija Lazoroski ff0469690f UT: Add type checking tests for EventSerializer Registry 2022-08-18 15:54:11 +02:00
Ilija Lazoroski b541dc465d Common: Type checking in EventSerializerRegistry 2022-08-18 15:54:04 +02:00
Shreya Malviya 4be262657e Project: Remove Vulture entries no longer relevant
Issue #2176
2022-08-18 07:13:30 -04:00
Mike Salvatore c55098e186
Merge pull request #2197 from guardicore/2176-remove-credentials-intercepting-telemetry-messenger
2176 remove credentials intercepting telemetry messenger
2022-08-18 06:39:42 -04:00
Mike Salvatore bc0c46bfb9
Merge pull request #2201 from guardicore/2176-publish-credentials-stolen-in-mimikatz
CredentialsStolenEvent in MimikatzCredentialCollector
2022-08-18 06:37:40 -04:00
Ilija Lazoroski 4b1ad70f84 Common: Set event to registry only by class 2022-08-18 10:33:10 +02:00
Ilija Lazoroski aeaabbccc4 UT: Test EventSerializerRegistry 2022-08-18 10:31:10 +02:00
Ilija Lazoroski e83503e65a Common: Export EventSerializerRegistry from __init__ 2022-08-18 10:30:38 +02:00
Ilija Lazoroski a32d9359b0 Common: Accept Union[str, Type[AbstractEvent]] in EventSerializerRegistry 2022-08-18 09:44:45 +02:00
Ilija Lazoroski 23604009a0 Common: Fix hint in IEventSerializer 2022-08-18 09:32:02 +02:00
Ilija Lazoroski 20f529d6a2 UT: Separate mimikatz credentials stolen event test 2022-08-18 09:22:59 +02:00
Kekoa Kaaikala 4f776f0102 UI: Add field for ransomed file extension 2022-08-17 20:10:23 +00:00
Shreya Malviya 132f3a3473 Project: Add event serializer entries to Vulture allowlist 2022-08-17 21:31:35 +05:30
Shreya Malviya 141c766b51 Common: Add EventSerializerRegistry 2022-08-17 21:29:06 +05:30
Shreya Malviya 0b9191ca43 Common: Add IEventSerializer to common/event_serializers/__init__.py 2022-08-17 21:28:33 +05:30
Kekoa Kaaikala 639fb26445 Agent: Improve the speed of bit flipping code
- Remove a function call
- Use a generator
- Use a more efficient flip calculation (subtraction instead of xor)

Issue #2123
2022-08-17 10:52:57 -04:00
Mike Salvatore 8b32e6d7a5
Merge pull request #2203 from guardicore/build-downgrade-pipenv
Build: Downgrade pipenv to use 2022.7.4
2022-08-17 09:01:07 -04:00
Ilija Lazoroski 8355d9e68a Buid: Export CI to get rid of nasty characters 2022-08-17 09:00:44 -04:00