p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Extracted duplicate code to `add_malicious_activity_to_timeline` helper function

This commit is contained in:
Shay Nehmad 2019-09-16 16:17:30 +03:00
parent 76c642e4b3
commit 0a11c4b007
5 changed files with 19 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
monkey/monkey_island/cc/models/zero_trust/aggregate_finding.py
View File

@ -1,3 +1,4 @@
from common.data.zero_trust_consts import TEST_MALICIOUS_ACTIVITY_TIMELINE, STATUS_VERIFY
from monkey_island.cc.models.zero_trust.finding import Finding from monkey_island.cc.models.zero_trust.finding import Finding
@ -21,3 +22,11 @@ class AggregateFinding(Finding):
orig_finding = existing_findings[0] orig_finding = existing_findings[0]
orig_finding.add_events(events) orig_finding.add_events(events)
orig_finding.save() orig_finding.save()
def add_malicious_activity_to_timeline(events):
AggregateFinding.create_or_add_to_existing(
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_VERIFY,
events=events
)

4
monkey/monkey_island/cc/models/zero_trust/test_aggregate_finding.py
View File

@ -12,7 +12,7 @@ class TestAggregateFinding(IslandTestCase):
test = TEST_MALICIOUS_ACTIVITY_TIMELINE test = TEST_MALICIOUS_ACTIVITY_TIMELINE
status = STATUS_VERIFY status = STATUS_VERIFY
events = [Event.create_event("t", "t", EVENT_TYPE_ISLAND)] events = [Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)]
self.assertEquals(len(Finding.objects(test=test, status=status)), 0) self.assertEquals(len(Finding.objects(test=test, status=status)), 0)
AggregateFinding.create_or_add_to_existing(test, status, events) AggregateFinding.create_or_add_to_existing(test, status, events)
@ -31,7 +31,7 @@ class TestAggregateFinding(IslandTestCase):
test = TEST_MALICIOUS_ACTIVITY_TIMELINE test = TEST_MALICIOUS_ACTIVITY_TIMELINE
status = STATUS_VERIFY status = STATUS_VERIFY
event = Event.create_event("t", "t", EVENT_TYPE_ISLAND) event = Event.create_event("t", "t", EVENT_TYPE_MONKEY_NETWORK)
events = [event] events = [event]
self.assertEquals(len(Finding.objects(test=test, status=status)), 0) self.assertEquals(len(Finding.objects(test=test, status=status)), 0)

8
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
View File

@ -3,7 +3,7 @@ import json
from common.data.network_consts import ES_SERVICE from common.data.network_consts import ES_SERVICE
from common.data.zero_trust_consts import * from common.data.zero_trust_consts import *
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80'] HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
@ -67,8 +67,4 @@ def test_open_data_endpoints(telemetry_json):
events=events events=events
) )
AggregateFinding.create_or_add_to_existing( add_malicious_activity_to_timeline(events)
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_VERIFY,
events=events
)

8
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
View File

@ -1,6 +1,6 @@
from common.data.zero_trust_consts import * from common.data.zero_trust_consts import *
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
@ -36,8 +36,4 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
events=events events=events
) )
AggregateFinding.create_or_add_to_existing( add_malicious_activity_to_timeline(events)
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_VERIFY,
events=events
)

12
monkey/monkey_island/cc/services/telemetry/zero_trust_tests/tunneling.py
View File

@ -1,7 +1,6 @@
from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK, STATUS_VERIFY, \ from common.data.zero_trust_consts import TEST_TUNNELING, STATUS_FAILED, EVENT_TYPE_MONKEY_NETWORK
TEST_MALICIOUS_ACTIVITY_TIMELINE
from monkey_island.cc.models import Monkey from monkey_island.cc.models import Monkey
from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding from monkey_island.cc.models.zero_trust.aggregate_finding import AggregateFinding, add_malicious_activity_to_timeline
from monkey_island.cc.models.zero_trust.event import Event from monkey_island.cc.models.zero_trust.event import Event
from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field from monkey_island.cc.services.telemetry.processing.utils import get_tunnel_host_ip_from_proxy_field
@ -18,14 +17,11 @@ def test_tunneling_violation(tunnel_telemetry_json):
event_type=EVENT_TYPE_MONKEY_NETWORK, event_type=EVENT_TYPE_MONKEY_NETWORK,
timestamp=tunnel_telemetry_json['timestamp'] timestamp=tunnel_telemetry_json['timestamp']
)] )]
AggregateFinding.create_or_add_to_existing( AggregateFinding.create_or_add_to_existing(
test=TEST_TUNNELING, test=TEST_TUNNELING,
status=STATUS_FAILED, status=STATUS_FAILED,
events=tunneling_events events=tunneling_events
) )
AggregateFinding.create_or_add_to_existing( add_malicious_activity_to_timeline(tunneling_events)
test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
status=STATUS_VERIFY,
events=tunneling_events
)