From c1f52ee994a41493848a0f8289c4450a05d0389e Mon Sep 17 00:00:00 2001
From: Shay Nehmad <shay.nehmad@guardicore.com>
Date: Mon, 11 May 2020 22:36:38 +0300
Subject: [PATCH 1/3] Added a short summary sentence over each table in the
security report
Solves https://github.com/guardicore/monkey/issues/635
---
.../report-components/SecurityReport.js | 17 ++++++----
.../security/BreachedServers.js | 23 ++++++++-----
.../report-components/security/PostBreach.js | 32 ++++++++++++-------
.../security/ScannedServers.js | 30 ++++++++++++-----
4 files changed, 68 insertions(+), 34 deletions(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
index e25b7f126..d6891b5bb 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@@ -407,18 +407,23 @@ class ReportPageComponent extends AuthComponent {
<div style={{position: 'relative', height: '80vh'}}>
<ReactiveGraph graph={this.state.graph} options={getOptions(this.state.nodeStateList)}/>
</div>
- <div style={{marginBottom: '20px'}}>
- <BreachedServers data={this.state.report.glance.exploited}/>
- </div>
- <div style={{marginBottom: '20px'}}>
- <PostBreach data={this.state.report.glance.scanned}/>
- </div>
+
<div style={{marginBottom: '20px'}}>
<ScannedServers data={this.state.report.glance.scanned}/>
</div>
+
+ <div style={{marginBottom: '20px'}}>
+ <BreachedServers data={this.state.report.glance.exploited}/>
+ </div>
+
+ <div style={{marginBottom: '20px'}}>
+ <PostBreach data={this.state.report.glance.scanned}/>
+ </div>
+
<div style={{position: 'relative', height: '80vh'}}>
{this.generateReportPthMap()}
</div>
+
<div style={{marginBottom: '20px'}}>
<StolenPasswords data={this.state.report.glance.stolen_creds.concat(this.state.report.glance.ssh_keys)}/>
</div>
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
index 4eeb1f971..1b2efcd06 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
@@ -1,5 +1,6 @@
import React from 'react';
import ReactTable from 'react-table'
+import Pluralize from "pluralize";
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
@@ -34,14 +35,20 @@ class BreachedServersComponent extends React.Component {
let defaultPageSize = this.props.data.length > pageSize ? pageSize : this.props.data.length;
let showPagination = this.props.data.length > pageSize;
return (
- <div className="data-table-container">
- <ReactTable
- columns={columns}
- data={this.props.data}
- showPagination={showPagination}
- defaultPageSize={defaultPageSize}
- />
- </div>
+ <>
+ <p>
+ The Monkey successfully breached <span
+ className="label label-danger">{this.props.data.length}</span> {Pluralize('machines', this.props.data.length)}:
+ </p>
+ <div className="data-table-container">
+ <ReactTable
+ columns={columns}
+ data={this.props.data}
+ showPagination={showPagination}
+ defaultPageSize={defaultPageSize}
+ />
+ </div>
+ </>
);
}
}
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
index b0fe5fa9e..2aa772db5 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
@@ -1,5 +1,6 @@
import React from 'react';
import ReactTable from 'react-table'
+import Pluralize from 'pluralize'
let renderArray = function (val) {
return <span>{val.map(x => <span key={x}> {x}</span>)}</span>;
@@ -62,19 +63,26 @@ class PostBreachComponent extends React.Component {
});
let defaultPageSize = pbaMachines.length > pageSize ? pageSize : pbaMachines.length;
let showPagination = pbaMachines > pageSize;
+ const howManyPBAs = pbaMachines.reduce((accumulated, pbaMachine) => accumulated+pbaMachine["pba_results"].length,0)
return (
- <div className="data-table-container">
- <ReactTable
- columns={columns}
- data={pbaMachines}
- showPagination={showPagination}
- defaultPageSize={defaultPageSize}
- SubComponent={row => {
- return renderDetails(row.original.pba_results);
- }}
- />
- </div>
-
+ <>
+ <p>
+ The Monkey performed <span
+ className="label label-danger">{howManyPBAs}</span> post-breach {Pluralize('actions', howManyPBAs)} on <span
+ className="label label-warning">{pbaMachines.length}</span> {Pluralize('machines', pbaMachines.length)}:
+ </p>
+ <div className="data-table-container">
+ <ReactTable
+ columns={columns}
+ data={pbaMachines}
+ showPagination={showPagination}
+ defaultPageSize={defaultPageSize}
+ SubComponent={row => {
+ return renderDetails(row.original.pba_results);
+ }}
+ />
+ </div>
+ </>
);
}
}
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
index 7a4495da3..f68415a3a 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
@@ -1,5 +1,6 @@
import React from 'react';
import ReactTable from 'react-table'
+import Pluralize from 'pluralize'
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
@@ -32,17 +33,30 @@ class ScannedServersComponent extends React.Component {
}
render() {
+
let defaultPageSize = this.props.data.length > pageSize ? pageSize : this.props.data.length;
let showPagination = this.props.data.length > pageSize;
+
+ const howManyScannedMachines = this.props.data.length;
+ const reducerFromScannedServerToServicesAmount = (accumulated, scannedServer) => accumulated + scannedServer["services"].length;
+ const howManyScannedServices = this.props.data.reduce(reducerFromScannedServerToServicesAmount, 0);
+
return (
- <div className="data-table-container">
- <ReactTable
- columns={columns}
- data={this.props.data}
- showPagination={showPagination}
- defaultPageSize={defaultPageSize}
- />
- </div>
+ <>
+ <p>
+ The Monkey discovered <span
+ className="label label-danger">{howManyScannedServices}</span> open {Pluralize('services', howManyScannedServices)} on <span
+ className="label label-warning">{howManyScannedMachines}</span> {Pluralize('machines', howManyScannedMachines)}:
+ </p>
+ <div className="data-table-container">
+ <ReactTable
+ columns={columns}
+ data={this.props.data}
+ showPagination={showPagination}
+ defaultPageSize={defaultPageSize}
+ />
+ </div>
+ </>
);
}
}
From 85b5a156fc32b6ee932f2260b385fad198c254a6 Mon Sep 17 00:00:00 2001
From: Shay Nehmad <shay.nehmad@guardicore.com>
Date: Tue, 12 May 2020 10:16:04 +0300
Subject: [PATCH 2/3] Fixed code review comments - JS linting and readability
---
.../security/BreachedServers.js | 6 +++---
.../report-components/security/PostBreach.js | 10 +++++-----
.../security/ScannedServers.js | 17 ++++++++++-------
3 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
index 1b2efcd06..3ea23a075 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/BreachedServers.js
@@ -1,6 +1,6 @@
import React from 'react';
-import ReactTable from 'react-table'
-import Pluralize from "pluralize";
+import ReactTable from 'react-table';
+import Pluralize from 'pluralize';
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
@@ -38,7 +38,7 @@ class BreachedServersComponent extends React.Component {
<>
<p>
The Monkey successfully breached <span
- className="label label-danger">{this.props.data.length}</span> {Pluralize('machines', this.props.data.length)}:
+ className="label label-danger">{this.props.data.length}</span> {Pluralize('machine', this.props.data.length)}:
</p>
<div className="data-table-container">
<ReactTable
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
index 2aa772db5..c482fb992 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/PostBreach.js
@@ -1,6 +1,6 @@
import React from 'react';
-import ReactTable from 'react-table'
-import Pluralize from 'pluralize'
+import ReactTable from 'react-table';
+import Pluralize from 'pluralize';
let renderArray = function (val) {
return <span>{val.map(x => <span key={x}> {x}</span>)}</span>;
@@ -63,13 +63,13 @@ class PostBreachComponent extends React.Component {
});
let defaultPageSize = pbaMachines.length > pageSize ? pageSize : pbaMachines.length;
let showPagination = pbaMachines > pageSize;
- const howManyPBAs = pbaMachines.reduce((accumulated, pbaMachine) => accumulated+pbaMachine["pba_results"].length,0)
+ const pbaCount = pbaMachines.reduce((accumulated, pbaMachine) => accumulated+pbaMachine["pba_results"].length, 0);
return (
<>
<p>
The Monkey performed <span
- className="label label-danger">{howManyPBAs}</span> post-breach {Pluralize('actions', howManyPBAs)} on <span
- className="label label-warning">{pbaMachines.length}</span> {Pluralize('machines', pbaMachines.length)}:
+ className="label label-danger">{pbaCount}</span> post-breach {Pluralize('action', pbaCount)} on <span
+ className="label label-warning">{pbaMachines.length}</span> {Pluralize('machine', pbaMachines.length)}:
</p>
<div className="data-table-container">
<ReactTable
diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
index f68415a3a..644d77f54 100644
--- a/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/security/ScannedServers.js
@@ -1,6 +1,6 @@
import React from 'react';
-import ReactTable from 'react-table'
-import Pluralize from 'pluralize'
+import ReactTable from 'react-table';
+import Pluralize from 'pluralize';
let renderArray = function (val) {
return <div>{val.map(x => <div>{x}</div>)}</div>;
@@ -37,16 +37,19 @@ class ScannedServersComponent extends React.Component {
let defaultPageSize = this.props.data.length > pageSize ? pageSize : this.props.data.length;
let showPagination = this.props.data.length > pageSize;
- const howManyScannedMachines = this.props.data.length;
+ const scannedMachinesCount = this.props.data.length;
const reducerFromScannedServerToServicesAmount = (accumulated, scannedServer) => accumulated + scannedServer["services"].length;
- const howManyScannedServices = this.props.data.reduce(reducerFromScannedServerToServicesAmount, 0);
+ const scannedServicesAmount = this.props.data.reduce(reducerFromScannedServerToServicesAmount, 0);
return (
<>
<p>
- The Monkey discovered <span
- className="label label-danger">{howManyScannedServices}</span> open {Pluralize('services', howManyScannedServices)} on <span
- className="label label-warning">{howManyScannedMachines}</span> {Pluralize('machines', howManyScannedMachines)}:
+ The Monkey discovered
+ <span className="label label-danger">{scannedServicesAmount}</span>
+ open {Pluralize('service', scannedServicesAmount)}
+ on
+ <span className="label label-warning">{scannedMachinesCount}</span>
+ {Pluralize('machine', scannedMachinesCount)}:
</p>
<div className="data-table-container">
<ReactTable
From ee7051fdea214957cc7362cecd3737601594b57b Mon Sep 17 00:00:00 2001
From: VakarisZ <vakarisz@yahoo.com>
Date: Wed, 13 May 2020 12:45:19 +0300
Subject: [PATCH 3/3] Smallfixes on persistance/create user attack technique
---
.../cc/services/attack/attack_schema.py | 32 +++++++++----------
.../attack/technique_reports/T1136.py | 2 +-
.../src/components/attack/techniques/T1136.js | 4 ++-
3 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/monkey/monkey_island/cc/services/attack/attack_schema.py b/monkey/monkey_island/cc/services/attack/attack_schema.py
index a49079fa4..3c3a451f2 100644
--- a/monkey/monkey_island/cc/services/attack/attack_schema.py
+++ b/monkey/monkey_island/cc/services/attack/attack_schema.py
@@ -66,6 +66,22 @@ SCHEMA = {
}
}
},
+ "persistence": {
+ "title": "Persistence",
+ "type": "object",
+ "link": "https://attack.mitre.org/tactics/TA0003/",
+ "properties": {
+ "T1136": {
+ "title": "Create account",
+ "type": "bool",
+ "value": True,
+ "necessary": False,
+ "link": "https://attack.mitre.org/techniques/T1136",
+ "description": "Adversaries with a sufficient level of access "
+ "may create a local system, domain, or cloud tenant account."
+ }
+ }
+ },
"defence_evasion": {
"title": "Defence evasion",
"type": "object",
@@ -289,22 +305,6 @@ SCHEMA = {
"description": "Data exfiltration is performed over the Command and Control channel."
}
}
- },
- "persistence": {
- "title": "Persistence",
- "type": "object",
- "link": "https://attack.mitre.org/tactics/TA0003/",
- "properties": {
- "T1136": {
- "title": "Create account",
- "type": "bool",
- "value": True,
- "necessary": False,
- "link": "https://attack.mitre.org/techniques/T1136",
- "description": "Adversaries with a sufficient level of access "
- "may create a local system, domain, or cloud tenant account."
- }
- }
}
}
}
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
index 04450d4a6..4cd78c9a3 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1136.py
@@ -34,5 +34,5 @@ class T1136(AttackTechnique):
'result': ': '.join([pba['name'], pba['result'][0]])
}]
})
- data.update(T1136.get_message_and_status(status))
+ data.update(T1136.get_base_data_by_status(status))
return data
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1136.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1136.js
index b9c4b6aff..55cd9966c 100644
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1136.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1136.js
@@ -1,6 +1,7 @@
import React from 'react';
import ReactTable from 'react-table';
-import {renderMachineFromSystemData, ScanStatus} from './Helpers'
+import {renderMachineFromSystemData, ScanStatus} from './Helpers';
+import MitigationsComponent from "./MitigationsComponent";
class T1136 extends React.Component {
@@ -35,6 +36,7 @@ class T1136 extends React.Component {
showPagination={false}
defaultPageSize={this.props.data.info.length}
/> : ''}
+ <MitigationsComponent mitigations={this.props.data.mitigations}/>
</div>
);
}