p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1494 from guardicore/1415/add-ransomware-report-links 

1415/add ransomware report links
This commit is contained in:
Mike Salvatore 2021-09-29 08:51:08 -04:00 committed by GitHub
parent b791ee16e1 e67066dd0d
commit 51f179c145
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 69 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
monkey/monkey_island/cc/ui/src/components/report-components/common/ExternalLink.tsx Normal file
View File

@ -0,0 +1,19 @@
import React, {ReactFragment, ReactElement} from 'react';
import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
import {faExternalLinkSquareAlt} from '@fortawesome/free-solid-svg-icons';
type Props = {
url: string,
text: string,
}
function ExternalLink(props: Props): ReactElement {
return (
<a href={props.url} target="_blank" rel="noreferrer">
{props.text}
<FontAwesomeIcon icon={faExternalLinkSquareAlt} className="external-link-icon"/>
</a>
)
}
export default ExternalLink

18
monkey/monkey_island/cc/ui/src/components/report-components/ransomware/AttackSection.tsx
View File

@ -3,11 +3,21 @@ import IslandHttpClient from '../../IslandHttpClient';
import {FileEncryptionTable, TableRow} from './FileEncryptionTable'; import {FileEncryptionTable, TableRow} from './FileEncryptionTable';
import NumberedReportSection from './NumberedReportSection'; import NumberedReportSection from './NumberedReportSection';
import LoadingIcon from '../../ui-components/LoadingIcon'; import LoadingIcon from '../../ui-components/LoadingIcon';
import ExternalLink from '../common/ExternalLink';
const ATTACK_DESCRIPTION = <>
After the attacker or malware has propagated through your network,
your data is at risk on any machine the attacker can access. It can be
encrypted and held for ransom, exfiltrated, or manipulated in
whatever way the attacker chooses.
<br />
<br />
<ExternalLink
url="https://www.guardicore.com/blog/what-are-ransomware-costs/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report"
text="Learn about the financial impact of ransomware on Guardicore's blog"
/>
</>
const ATTACK_DESCRIPTION = 'After the attacker or malware has propagated through your network, \
your data is at risk on any machine the attacker can access. It can be \
encrypted and held for ransom, exfiltrated, or manipulated in \
whatever way the attacker chooses.'
const HOSTNAME_REGEX = /^(.* - )?(\S+) :.*$/; const HOSTNAME_REGEX = /^(.* - )?(\S+) :.*$/;
function AttackSection(): ReactElement { function AttackSection(): ReactElement {

18
monkey/monkey_island/cc/ui/src/components/report-components/ransomware/BreachSection.tsx
View File

@ -3,11 +3,23 @@ import IslandHttpClient from '../../IslandHttpClient';
import NumberedReportSection from './NumberedReportSection'; import NumberedReportSection from './NumberedReportSection';
import LoadingIcon from '../../ui-components/LoadingIcon'; import LoadingIcon from '../../ui-components/LoadingIcon';
import {renderLimitedArray} from '../common/RenderArrays'; import {renderLimitedArray} from '../common/RenderArrays';
import ExternalLink from '../common/ExternalLink';
const BREACH_DESCRIPTION = <>
Ransomware attacks start after machines in the internal network get
compromised. The initial compromise was simulated by running Monkey Agents
manually. Detecting ransomware at this stage will minimize the impact to the
organization.
<br />
<br />
<ExternalLink
url="https://www.guardicore.com/blog/4-techniques-for-early-ransomware-detection/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report"
text="Learn techniques for early ransomware detection on Guardicore's blog"
/>
</>
function BreachSection() { function BreachSection() {
const [machines, setMachines] = useState(null); const [machines, setMachines] = useState(null);
let description = 'Ransomware attacks start after machines in the internal network get compromised. ' +
'The initial compromise was simulated by running Monkey Agents manually.';
useEffect(() => { useEffect(() => {
IslandHttpClient.get('/api/exploitations/manual') IslandHttpClient.get('/api/exploitations/manual')
@ -16,7 +28,7 @@ function BreachSection() {
if(machines !== null){ if(machines !== null){
let body = getBreachSectionBody(machines); let body = getBreachSectionBody(machines);
return (<NumberedReportSection index={1} title={'Breach'} description={description} body={body}/>) return (<NumberedReportSection index={1} title={'Breach'} description={BREACH_DESCRIPTION} body={body}/>)
} else { } else {
return <LoadingIcon /> return <LoadingIcon />
} }

25
monkey/monkey_island/cc/ui/src/components/report-components/ransomware/LateralMovement.tsx
View File

@ -2,19 +2,20 @@ import React, {ReactElement} from 'react';
import NumberedReportSection from './NumberedReportSection'; import NumberedReportSection from './NumberedReportSection';
import pluralize from 'pluralize' import pluralize from 'pluralize'
import BreachedServersComponent from '../security/BreachedServers'; import BreachedServersComponent from '../security/BreachedServers';
import ExternalLink from '../common/ExternalLink';
const LATERAL_MOVEMENT_DESCRIPTION = 'After the initial breach, the attacker will begin the Lateral \ const LATERAL_MOVEMENT_DESCRIPTION = <>
Movement phase of the attack. They will employ various \ After the initial breach, the attacker will begin the Lateral
techniques in order to compromise other systems in your \ Movement phase of the attack. They will employ various
network. \ techniques in order to compromise other systems in your
<br /> \ network.
<br /> \ <br />
<a \ <br />
href="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report" \ <ExternalLink
target="_blank" \ url="https://www.guardicore.com/blog/stopping-ransomware-with-segmentation/?utm_medium=monkey-request&utm_source=web-report&utm_campaign=monkey-security-report"
> \ text="See some real-world examples on Guardicore's blog"
See some real-world examples on Guardicore\'s blog. \ />
</a>' </>
type PropagationStats = { type PropagationStats = {
num_scanned_nodes: number, num_scanned_nodes: number,

8
monkey/monkey_island/cc/ui/src/components/report-components/ransomware/NumberedReportSection.tsx
View File

@ -5,7 +5,7 @@ import {faInfoCircle} from '@fortawesome/free-solid-svg-icons';
type Props = { type Props = {
index: number, index: number,
title: string, title: string,
description: string, description: ReactFragment,
body: ReactFragment body: ReactFragment
} }
@ -14,7 +14,7 @@ function NumberedReportSection(props: Props): ReactElement {
<div className='numbered-report-section'> <div className='numbered-report-section'>
<Header index={props.index} title={props.title} /> <Header index={props.index} title={props.title} />
<div className='indented'> <div className='indented'>
<Description text={props.description} /> <Description description={props.description} />
{props.body} {props.body}
</div> </div>
</div> </div>
@ -27,11 +27,11 @@ function Header({index, title}: {index: number, title: string}): ReactElement {
) )
} }
function Description({text}: {text: string}): ReactElement { function Description({description}: {description: ReactFragment}): ReactElement {
return ( return (
<div className='alert alert-secondary description'> <div className='alert alert-secondary description'>
<FontAwesomeIcon icon={faInfoCircle} className='alert-icon'/> <FontAwesomeIcon icon={faInfoCircle} className='alert-icon'/>
<span dangerouslySetInnerHTML={{__html: text}} /> <span>{description}</span>
</div> </div>
) )
} }

4
monkey/monkey_island/cc/ui/src/styles/pages/report/RansomwareReport.scss
View File

@ -22,3 +22,7 @@
.ransomware-breach-section .ip-address { .ransomware-breach-section .ip-address {
display: inline-block; display: inline-block;
} }
.numbered-report-section .external-link-icon {
margin-left: .25em;
}