Agent: Publish powershell exploitation events

monkey/infection_monkey/exploit/powershell.py

@@ -3,7 +3,11 @@ from pathlib import Path, PurePath
 from typing import List, Optional
 
 from common import OperatingSystem
-from common.tags import T1059_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG
+from common.tags import (
+    T1059_ATTACK_TECHNIQUE_TAG,
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1110_ATTACK_TECHNIQUE_TAG,
+)
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions, get_auth_options
 from infection_monkey.exploit.powershell_utils.credentials import (
@@ -23,6 +27,7 @@ from infection_monkey.utils.threading import interruptible_iter
 
 logger = logging.getLogger(__name__)
 POWERSHELL_EXPLOITER_TAG = "powershell-exploiter"
+EXPLOITER_TAGS = (POWERSHELL_EXPLOITER_TAG, T1059_ATTACK_TECHNIQUE_TAG, T1110_ATTACK_TECHNIQUE_TAG)
 PROPAGATION_TAGS = (
     POWERSHELL_EXPLOITER_TAG,
     T1059_ATTACK_TECHNIQUE_TAG,
@@ -111,15 +116,20 @@ class PowerShellExploiter(HostExploiter):
                     f"{creds.username}, Secret Type: {creds.secret_type.name}"
                 )
 
+                self._publish_exploitation_event(self.host.ip_addr, True, EXPLOITER_TAGS)
                 self.exploit_result.exploitation_success = True
                 self._report_login_attempt(True, creds)
 
                 return client
             except Exception as ex:
-                logger.debug(
+                error_message = (
                     f"Error logging into {self.host.ip_addr} using Powershell. User: "
                     f"{creds.username}, SecretType: {creds.secret_type.name} -- Error: {ex}"
                 )
+                logger.debug(error_message)
+                self._publish_exploitation_event(
+                    self.host.ip_addr, False, EXPLOITER_TAGS, error_message
+                )
                 self._report_login_attempt(False, creds)
 
         return None