Commit Graph

5703 Commits

Author SHA1 Message Date
Mike Salvatore 9044c587a6 Agent: Pass a RansomwareConfig to RansomwarePayload
Rather than RansomwarePayload being responsible fro translating the
config dictionary into something usable, it now just accepts a
RansomwareConfig object which contains pre-processed configuration
options.
2021-07-15 11:26:02 -04:00
Mike Salvatore 6f5a7faaa1 Agent: Add RannsomwareConfig class 2021-07-15 11:23:32 -04:00
Mike Salvatore 918d233983 Agent: Add build_ransomware_payload() function 2021-07-14 12:48:37 -04:00
Mike Salvatore fd3cc46e55 Agent: Remove unused return value from RansomwarePayload._encrypt_files 2021-07-14 12:07:19 -04:00
Mike Salvatore 0be919b805 Agent: Use mock encryptor in test_ransomware_payload.py 2021-07-14 09:18:59 -04:00
Mike Salvatore d9cc66de54 Agent: Inject InPlaceFileEncryptor into RansomwarePayload 2021-07-14 08:50:49 -04:00
Mike Salvatore 0cb975a592 Agent: Rename InPlaceEncryptor -> InPlaceFileEncryptor 2021-07-14 08:38:51 -04:00
Mike Salvatore 39171f0950 Agent: Add ability to rename file to InPlaceEncryptor 2021-07-14 08:34:58 -04:00
Mike Salvatore 55ba5f530d Agent: Add InPlaceEncryptor
InPlaceEncryptor encrypts a file in place. It accepts a callable that
performs the actual bit manipulation. This allows the in-place
encryption functionality to be easily reused, while the actual
encryption algorithm can be changed.
2021-07-14 08:33:42 -04:00
Mike Salvatore ce2ad81321 Island: Replace concrete file selector with mock in ransomware tests 2021-07-14 07:14:49 -04:00
Mike Salvatore 81eba6e883 Agent: Accept a "select_files" Callable 2021-07-13 19:22:42 -04:00
Mike Salvatore 222c394dbc Agent: Accept a "leave_readme" Callable instead of copy_file 2021-07-13 16:24:21 -04:00
Mike Salvatore 45a382f5ff Add #1240 to CHANGELOG 2021-07-13 12:36:03 -04:00
Mike Salvatore 8977040d98
Merge pull request #1317 from guardicore/ransomware_table_ui
Ransomware table UI
2021-07-13 12:35:18 -04:00
Mike Salvatore 50cb687769 Island: Change colors of ransomware table text
If some files were encrypted, warning text color should be used. If all
files were encrypted, danger text color should be used.
2021-07-13 12:34:25 -04:00
Mike Salvatore 5aa5facf1f Island: Move renderFileEncryptionStats to FileEncryptionTable.tsx 2021-07-13 11:26:07 -04:00
Mike Salvatore 77754cb4ff Island: Remove superfluous description from ransomware report 2021-07-13 11:23:48 -04:00
Mike Salvatore 1f1b9bf2fc
Island: Deduplicate <p> in renderFileEncryptionStats() 2021-07-13 11:21:56 -04:00
Mike Salvatore 3c84e70ab1
Merge pull request #1314 from guardicore/1241/ransomware-quickstart-remove-congrats
Ransomware quickstart - Remove "Congrats" message and change header
2021-07-13 11:08:52 -04:00
Mike Salvatore c89416f256
Merge pull request #1318 from guardicore/ransomware_quickstart_endpoint
Ransomware quickstart endpoint
2021-07-13 11:05:23 -04:00
Mike Salvatore 84a78a5048 Island: Don't catch Exception in POST /api/island-mode
Flask automatically traps exceptions, returns a 500, and logs a stack
trace. Since Flask will automatically return a 500, we don't need to
duplicate the functionality. Since it prints a stack trace, it provides
more useful information than catching it did.
2021-07-13 11:02:18 -04:00
Mike Salvatore a0fb6fa2b6 Island: Return 400 from POST /api/island_mode on invalid JSON 2021-07-13 10:58:08 -04:00
Mike Salvatore 26d3782a66 Island: Test both "ransomware" and "advanced" modes 2021-07-13 10:49:15 -04:00
Mike Salvatore 7549e64b41 Island: Return 500 from POST /api/island-mode if unexpected exception 2021-07-13 10:46:47 -04:00
Ilija Lazoroski bf5ff8dc71 ui: Rename RunServerPage to GettingStartedPage 2021-07-13 16:32:32 +02:00
Mike Salvatore acdfeb858f Tests: Move raise_() to a reusable location 2021-07-13 10:30:38 -04:00
Mike Salvatore c56ca37bc0 Island: Respond with 422 instead of 404 from POST /api/island-mode 2021-07-13 10:25:52 -04:00
Ilija Lazoroski 9310463f44 UT: Refactor island mode test for set model 2021-07-13 10:25:52 -04:00
Ilija Lazoroski 81a8ccf673 Island: Return empty post status for island mode 2021-07-13 10:25:48 -04:00
Ilija Lazoroski a5151a65a3 ui: Add style to css for RunServerPage 2021-07-13 15:22:35 +02:00
VakarisZ 3e2cf1d69c Island: refactor RansomwareReport.js to not use the props in state initialization 2021-07-13 15:33:50 +03:00
Mike Salvatore 1a4d2eb76c
Merge pull request #1319 from guardicore/report-tabs-order-based-on-mode
Make ransomware report tab the default if in ransomware mode
2021-07-13 07:48:20 -04:00
VakarisZ b408c650dc Island: refactor ransomware report to improve readability and UI 2021-07-13 13:47:46 +03:00
VakarisZ 60cac3b287 Island: refactor file encryption table to display how many files were encrypted 2021-07-13 13:47:46 +03:00
VakarisZ 4a9062c480 Implements file encryption table in the ransomware report page 2021-07-13 13:47:46 +03:00
Mike Salvatore afe7498019
Merge pull request #1308 from guardicore/ransomware_encryption_table_data
Ransomware encryption table data
2021-07-13 06:46:58 -04:00
VakarisZ 3a2f5f5620 Island: reformat ransomware_report.py resource to conform to black 2021-07-13 13:30:24 +03:00
Ilija Lazoroski 563f3e7491 ui: Add margin to buttons and remove margin from page title 2021-07-13 11:51:40 +02:00
Ilija Lazoroski f9ed53a527 Island: Add UT tests for island mode model 2021-07-13 10:58:04 +02:00
Shreya 8efd562935 cc: Rename "sections" -> "orderedSections", and "sectionsOrder" -> "sections" in `ReportPage.js`
`sectionsOrder` was not handling the order of the sections.
It was only being used to render the selected section.
`sections` is what was actually handling the order of the sections,
which is now `orderedSections`.
2021-07-13 14:25:41 +05:30
Shreya 278a09e039 cc: Add ransomware report tab to reports page depending on mode 2021-07-13 14:23:51 +05:30
Shreya e5160a5fb4 agent: Sort files in ransomware payload's `_find_files()` before returning 2021-07-13 13:41:02 +05:30
VakarisZ a0e0e0a9be Island: fix rebase issues created when rebasing ransomware table generation feature 2021-07-13 09:32:50 +03:00
VakarisZ f8cbd4cb33 Island: change ransomware report table to return the amount of files encrypted and the number of total encryption attempts 2021-07-13 09:19:48 +03:00
Mike Salvatore 10a375ea66 Island: Fix failing test by upgrading mongomock 2021-07-13 09:19:48 +03:00
VakarisZ 2bcf3b0a90 Refactor ransomware report unit tests to mock "get_exploited()" method used. Also, minor refactorings in ransomware_report service and resource 2021-07-13 09:19:46 +03:00
VakarisZ 4254f8cd37 Refactor ransomware_report.py to use current report infrastructure for fetching exploited nodes
Re-using current report infrastructure means that it's more trivial to implement/maintain and is already tested. The downside is performance
2021-07-13 09:17:21 +03:00
VakarisZ 9492b14c95 Add unit tests and for ransomware report, which get skipped because of a bug in mongomock 2021-07-13 09:16:18 +03:00
VakarisZ f6eda771b2 Add a service responsible for fetching and formatting data for ransomware report, file encryption table 2021-07-13 09:14:31 +03:00
Mike Salvatore 3b80221c38
Merge pull request #1311 from guardicore/ransomware-fix-config-ui-description
Ransomware: fix description and add info box
2021-07-12 13:45:27 -04:00