Mike Salvatore
9044c587a6
Agent: Pass a RansomwareConfig to RansomwarePayload
...
Rather than RansomwarePayload being responsible fro translating the
config dictionary into something usable, it now just accepts a
RansomwareConfig object which contains pre-processed configuration
options.
2021-07-15 11:26:02 -04:00
Mike Salvatore
6f5a7faaa1
Agent: Add RannsomwareConfig class
2021-07-15 11:23:32 -04:00
Mike Salvatore
918d233983
Agent: Add build_ransomware_payload() function
2021-07-14 12:48:37 -04:00
Mike Salvatore
fd3cc46e55
Agent: Remove unused return value from RansomwarePayload._encrypt_files
2021-07-14 12:07:19 -04:00
Mike Salvatore
0be919b805
Agent: Use mock encryptor in test_ransomware_payload.py
2021-07-14 09:18:59 -04:00
Mike Salvatore
d9cc66de54
Agent: Inject InPlaceFileEncryptor into RansomwarePayload
2021-07-14 08:50:49 -04:00
Mike Salvatore
0cb975a592
Agent: Rename InPlaceEncryptor -> InPlaceFileEncryptor
2021-07-14 08:38:51 -04:00
Mike Salvatore
39171f0950
Agent: Add ability to rename file to InPlaceEncryptor
2021-07-14 08:34:58 -04:00
Mike Salvatore
55ba5f530d
Agent: Add InPlaceEncryptor
...
InPlaceEncryptor encrypts a file in place. It accepts a callable that
performs the actual bit manipulation. This allows the in-place
encryption functionality to be easily reused, while the actual
encryption algorithm can be changed.
2021-07-14 08:33:42 -04:00
Mike Salvatore
ce2ad81321
Island: Replace concrete file selector with mock in ransomware tests
2021-07-14 07:14:49 -04:00
Mike Salvatore
81eba6e883
Agent: Accept a "select_files" Callable
2021-07-13 19:22:42 -04:00
Mike Salvatore
222c394dbc
Agent: Accept a "leave_readme" Callable instead of copy_file
2021-07-13 16:24:21 -04:00
Mike Salvatore
45a382f5ff
Add #1240 to CHANGELOG
2021-07-13 12:36:03 -04:00
Mike Salvatore
8977040d98
Merge pull request #1317 from guardicore/ransomware_table_ui
...
Ransomware table UI
2021-07-13 12:35:18 -04:00
Mike Salvatore
50cb687769
Island: Change colors of ransomware table text
...
If some files were encrypted, warning text color should be used. If all
files were encrypted, danger text color should be used.
2021-07-13 12:34:25 -04:00
Mike Salvatore
5aa5facf1f
Island: Move renderFileEncryptionStats to FileEncryptionTable.tsx
2021-07-13 11:26:07 -04:00
Mike Salvatore
77754cb4ff
Island: Remove superfluous description from ransomware report
2021-07-13 11:23:48 -04:00
Mike Salvatore
1f1b9bf2fc
Island: Deduplicate <p> in renderFileEncryptionStats()
2021-07-13 11:21:56 -04:00
Mike Salvatore
3c84e70ab1
Merge pull request #1314 from guardicore/1241/ransomware-quickstart-remove-congrats
...
Ransomware quickstart - Remove "Congrats" message and change header
2021-07-13 11:08:52 -04:00
Mike Salvatore
c89416f256
Merge pull request #1318 from guardicore/ransomware_quickstart_endpoint
...
Ransomware quickstart endpoint
2021-07-13 11:05:23 -04:00
Mike Salvatore
84a78a5048
Island: Don't catch Exception in POST /api/island-mode
...
Flask automatically traps exceptions, returns a 500, and logs a stack
trace. Since Flask will automatically return a 500, we don't need to
duplicate the functionality. Since it prints a stack trace, it provides
more useful information than catching it did.
2021-07-13 11:02:18 -04:00
Mike Salvatore
a0fb6fa2b6
Island: Return 400 from POST /api/island_mode on invalid JSON
2021-07-13 10:58:08 -04:00
Mike Salvatore
26d3782a66
Island: Test both "ransomware" and "advanced" modes
2021-07-13 10:49:15 -04:00
Mike Salvatore
7549e64b41
Island: Return 500 from POST /api/island-mode if unexpected exception
2021-07-13 10:46:47 -04:00
Ilija Lazoroski
bf5ff8dc71
ui: Rename RunServerPage to GettingStartedPage
2021-07-13 16:32:32 +02:00
Mike Salvatore
acdfeb858f
Tests: Move raise_() to a reusable location
2021-07-13 10:30:38 -04:00
Mike Salvatore
c56ca37bc0
Island: Respond with 422 instead of 404 from POST /api/island-mode
2021-07-13 10:25:52 -04:00
Ilija Lazoroski
9310463f44
UT: Refactor island mode test for set model
2021-07-13 10:25:52 -04:00
Ilija Lazoroski
81a8ccf673
Island: Return empty post status for island mode
2021-07-13 10:25:48 -04:00
Ilija Lazoroski
a5151a65a3
ui: Add style to css for RunServerPage
2021-07-13 15:22:35 +02:00
VakarisZ
3e2cf1d69c
Island: refactor RansomwareReport.js to not use the props in state initialization
2021-07-13 15:33:50 +03:00
Mike Salvatore
1a4d2eb76c
Merge pull request #1319 from guardicore/report-tabs-order-based-on-mode
...
Make ransomware report tab the default if in ransomware mode
2021-07-13 07:48:20 -04:00
VakarisZ
b408c650dc
Island: refactor ransomware report to improve readability and UI
2021-07-13 13:47:46 +03:00
VakarisZ
60cac3b287
Island: refactor file encryption table to display how many files were encrypted
2021-07-13 13:47:46 +03:00
VakarisZ
4a9062c480
Implements file encryption table in the ransomware report page
2021-07-13 13:47:46 +03:00
Mike Salvatore
afe7498019
Merge pull request #1308 from guardicore/ransomware_encryption_table_data
...
Ransomware encryption table data
2021-07-13 06:46:58 -04:00
VakarisZ
3a2f5f5620
Island: reformat ransomware_report.py resource to conform to black
2021-07-13 13:30:24 +03:00
Ilija Lazoroski
563f3e7491
ui: Add margin to buttons and remove margin from page title
2021-07-13 11:51:40 +02:00
Ilija Lazoroski
f9ed53a527
Island: Add UT tests for island mode model
2021-07-13 10:58:04 +02:00
Shreya
8efd562935
cc: Rename "sections" -> "orderedSections", and "sectionsOrder" -> "sections" in `ReportPage.js`
...
`sectionsOrder` was not handling the order of the sections.
It was only being used to render the selected section.
`sections` is what was actually handling the order of the sections,
which is now `orderedSections`.
2021-07-13 14:25:41 +05:30
Shreya
278a09e039
cc: Add ransomware report tab to reports page depending on mode
2021-07-13 14:23:51 +05:30
Shreya
e5160a5fb4
agent: Sort files in ransomware payload's `_find_files()` before returning
2021-07-13 13:41:02 +05:30
VakarisZ
a0e0e0a9be
Island: fix rebase issues created when rebasing ransomware table generation feature
2021-07-13 09:32:50 +03:00
VakarisZ
f8cbd4cb33
Island: change ransomware report table to return the amount of files encrypted and the number of total encryption attempts
2021-07-13 09:19:48 +03:00
Mike Salvatore
10a375ea66
Island: Fix failing test by upgrading mongomock
2021-07-13 09:19:48 +03:00
VakarisZ
2bcf3b0a90
Refactor ransomware report unit tests to mock "get_exploited()" method used. Also, minor refactorings in ransomware_report service and resource
2021-07-13 09:19:46 +03:00
VakarisZ
4254f8cd37
Refactor ransomware_report.py to use current report infrastructure for fetching exploited nodes
...
Re-using current report infrastructure means that it's more trivial to implement/maintain and is already tested. The downside is performance
2021-07-13 09:17:21 +03:00
VakarisZ
9492b14c95
Add unit tests and for ransomware report, which get skipped because of a bug in mongomock
2021-07-13 09:16:18 +03:00
VakarisZ
f6eda771b2
Add a service responsible for fetching and formatting data for ransomware report, file encryption table
2021-07-13 09:14:31 +03:00
Mike Salvatore
3b80221c38
Merge pull request #1311 from guardicore/ransomware-fix-config-ui-description
...
Ransomware: fix description and add info box
2021-07-12 13:45:27 -04:00