Commit Graph

5526 Commits

Author SHA1 Message Date
Mike Salvatore 638db3d7e0 Island: Escape '-' character in environment variable regex
Co-authored-by: Shreya Malviya <shreya.malviya@gmail.com>
2021-07-06 09:38:32 -04:00
Mike Salvatore d2dda4519f Island: Allow Windows ransomware target paths to be UNC paths 2021-07-06 09:38:32 -04:00
Mike Salvatore 9d4ee88e09 Island: Do not allow Windows ransomware target paths beginning with "$"
As far as I can tell, environment variables in Windows look like %NAME%.
Variables in powershell begin with $, but file explorer doesn't
recognize paths beginning with $ as valid.
2021-07-06 09:38:32 -04:00
Mike Salvatore df6082b50a Island: Refactor linux/windows ransomware path regexes
Refactored because the escape characters were cumbersome and difficult
to read when regexes were defined as strings. Also allow special
characters in Windows environment variable names as per
https://ss64.com/nt/syntax-variables.html
2021-07-06 09:38:32 -04:00
Shreya dc305d8e16 cc: Add validation format (starts wih `~`) for ransomware linux target directory 2021-07-06 09:38:32 -04:00
Shreya 3496c717a9 cc, common: Split ransomware dir path validator regex expressions and rename related stuff to accurately describe it 2021-07-02 16:39:03 +05:30
Shreya 54072b6632 cc: Make whitespace-only a valid input for ransomware target directory paths 2021-07-02 16:09:50 +05:30
Shreya 1768c0cdf6 cc: Fix regex bug when validating ransomware target directories 2021-07-02 16:04:46 +05:30
Shreya 3d48a11fc2 cc: Add regex validators for ransomware directory path validation 2021-07-01 13:32:10 +05:30
Shreya 8af93c4304 cc: Add ransomware directory path validation error messages 2021-07-01 13:31:39 +05:30
Shreya 73c61ebcf0 island: Add ransomware directory path validators to ransomware schema 2021-07-01 13:31:10 +05:30
Shreya 0a1782a928 common: Add validator constants for valid ransomware directory paths 2021-07-01 13:30:55 +05:30
Mike Salvatore f698c889e3 Docs: Move ransomware from References to Use Cases 2021-06-30 11:40:06 -04:00
Mike Salvatore b19044e4e8 Docs: Fix "The Infection Monkey" consistency in ransomware.md 2021-06-30 11:37:32 -04:00
Mike Salvatore f023399a36
Merge pull request #1285 from guardicore/ransomware_dir_hide_ui
Ransomware: hide directory fields if encryption is disabled
2021-06-30 10:46:13 -04:00
Mike Salvatore 8735724c90
Merge pull request #1283 from guardicore/config-log-formatting
Agent: Format config log messages so they are readable
2021-06-30 10:19:05 -04:00
Mike Salvatore bfa6bcaeb2 Island: Reword descriptions in ransomware config schema 2021-06-30 10:10:44 -04:00
Mike Salvatore adc7996ab8 Docs: Rework ransomware documentation 2021-06-30 10:10:04 -04:00
Mike Salvatore dcffe2a850
Merge pull request #1284 from guardicore/ransomware-targeted-files
Ransomware targeted files
2021-06-30 09:51:43 -04:00
VakarisZ 16f97f2811 Hide the input fields for directories to be encrypted if "Should encrypt" option is disabled
This change will enhance the UX by hiding the irrelevant inputs. This also allows us to add further logic to dynamically hide/show or otherwise modify uiSchema
2021-06-30 16:05:32 +03:00
VakarisZ 889df554ae Refactor form data in ConfigurePage.js to be held in state
This change will allow dynamically modifying other state parameters and re-rendering on form data change
2021-06-30 15:58:30 +03:00
VakarisZ a82850cb64 Add ransomware directories property to UISchema object
This addition is required to manipulate the UI components in ransomware configuration UI without the need to create object's properties. Otherwise we'd have to create ransomware.encryption.directories in UI schema using code.
2021-06-30 15:58:30 +03:00
Mike Salvatore ebab7be32b Docs: Improve language regarding ransomware targeted file extensions 2021-06-30 08:41:26 -04:00
Mike Salvatore 2427393e4a Agent: Rename VALID_FILE_EXTENSIONS_FOR_ENCRYPTION 2021-06-30 08:41:00 -04:00
Mike Salvatore f3e797694b Agent: Format config log messages so they are readable 2021-06-30 08:07:11 -04:00
Mike Salvatore 3fb8c06102
Merge pull request #1280 from guardicore/ransomware-encryption-bool
Add encryption checkbox to ransomware config page
2021-06-30 07:46:22 -04:00
Mike Salvatore 169bb34106 Agent: Simplify and improve logging in RansomwarePayload 2021-06-30 07:43:18 -04:00
Mike Salvatore 946641f9a2 Rename {windows,linux}_dir to *_target_dir for consistency 2021-06-30 07:29:53 -04:00
Mike Salvatore 9a58d5bc7a Island: Reword ransomware target directory descriptions 2021-06-30 07:24:37 -04:00
Mike Salvatore 771aa747a8 Agent: encryption_enabled renamed using "private" naming convention 2021-06-30 06:53:27 -04:00
Mike Salvatore 0f6a712c4c
Merge pull request #1278 from guardicore/ransomware-readme-docs
Ransomware documentation modifications for README.txt
2021-06-30 06:49:40 -04:00
Mike Salvatore 0d0d268a64 Docs: Fix formatting of ransomware documentation 2021-06-30 06:49:01 -04:00
Mike Salvatore af5fd8ac9d Docs: Minor wording change to ransomware description 2021-06-30 06:47:09 -04:00
Shreya aecb80566b cc: Reword ransomware configuration fields' descriptions 2021-06-30 13:43:06 +05:30
Shreya 619695d5bc agent: Rename `self.should_encrypt` to `self.encryption_enabled` in ransomware payload 2021-06-30 13:34:38 +05:30
Shreya 560cfb5948 docs: Do slight rewording in ransomware's README section 2021-06-30 12:36:35 +05:30
Shreya Malviya 8a902cd2b6
docs: Modify README portion of ransomware docs
Give more context. Explain how a ransomware attack usually does this.

Co-authored-by: Mike Salvatore <mike.s.salvatore@gmail.com>
2021-06-30 12:26:55 +05:30
Shreya 392ece29a0 tests: Modify/add tests for ransomware payload as per ransomware config schema changes 2021-06-29 14:02:02 -04:00
Shreya a1efd915b1 cc: Fix grammar in ransomware config schema 2021-06-29 13:52:37 -04:00
Shreya 4035d9d213 agent: Modify ransomware payload to work with modified ransomware config schema 2021-06-29 13:52:26 -04:00
Shreya 13a94804b4 cc: Add checkbox for ransomware encryption 2021-06-29 13:51:29 -04:00
Mike Salvatore 6301ec9d14 agent: Add a log message when ransomware leaves a README.txt 2021-06-29 13:39:00 -04:00
Mike Salvatore d87b8ae4a7 agent: Fix typo RansomewarePayload -> RansomwarePayload 2021-06-29 12:00:49 -04:00
Mike Salvatore 32a0a41c21 Agent: Add content to ransomware README.txt file 2021-06-29 11:51:23 -04:00
Mike Salvatore f027ad6d1b Agg ransomware simulation to CHANGELOG 2021-06-29 11:48:07 -04:00
Mike Salvatore 355136ae35 Merge branch 'add-fields-to-file-encryption-telemetry' into develop 2021-06-29 11:44:09 -04:00
Mike Salvatore 8ad822397c Merge branch 'rename-ransomware-telem' into develop 2021-06-29 11:40:19 -04:00
Mike Salvatore 6a67626bc3 Merge branch 'ransomware-readme-behavior' into develop 2021-06-29 11:31:57 -04:00
Mike Salvatore 92be6e72c2 Island: Fix casing on README.TXT 2021-06-29 11:03:55 -04:00
Mike Salvatore b312c11f44 Agent: Leave a README.txt in ransomware target dir if it's configured 2021-06-29 11:03:55 -04:00