From 8317c03686f48e67cf3a4d74b58ba2796f318d9d Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 13:29:03 +0000
Subject: [PATCH] Agent: Add tags to MSSQL propagation events
---
 monkey/infection_monkey/exploit/mssqlexec.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index f3bda8d52..231a09fc2 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -8,6 +8,9 @@ import pymssql
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
 from common.tags import (
+ T1059_ATTACK_TECHNIQUE_TAG,
+ T1071_ATTACK_TECHNIQUE_TAG,
+ T1105_ATTACK_TECHNIQUE_TAG,
 T1110_ATTACK_TECHNIQUE_TAG,
 T1210_ATTACK_TECHNIQUE_TAG,
 )
@@ -26,6 +29,12 @@ logger = logging.getLogger(__name__)
 MSSQL_EXPLOITER_TAG = "mssql-exploiter"
 EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+PROPAGATION_TAGS = (
+ MSSQL_EXPLOITER_TAG,
+ T1059_ATTACK_TECHNIQUE_TAG,
+ T1071_ATTACK_TECHNIQUE_TAG,
+ T1105_ATTACK_TECHNIQUE_TAG,
+)
 class MSSQLExploiter(HostExploiter):
@@ -83,12 +92,14 @@ class MSSQLExploiter(HostExploiter):
 )
 logger.error(error_message)
- self._publish_propagation_event(self.host.ip_addr, False, error_message=error_message)
+ self._publish_propagation_event(
+ self.host.ip_addr, False, PROPAGATION_TAGS, error_message
+ )
 self.exploit_result.error_message = error_message
 return self.exploit_result
- self._publish_propagation_event(self.host.ip_addr, True)
+ self._publish_propagation_event(self.host.ip_addr, True, PROPAGATION_TAGS)
 self.exploit_result.propagation_success = True
 return self.exploit_result
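Review bot: `PROPAGATION_TAGS` is added without a comment saying which propagation behaviour each ATT&CK ID stands for, so anyone mapping these events to detections has to look the IDs up. A short comment above the tuple would cover it, for example `# T1059 Command and Scripting Interpreter, T1071 Application Layer Protocol, T1105 Ingress Tool Transfer`. The same tuple is attached to both the failed and the successful event in the last hunk, so the comment should also say whether the tags describe techniques attempted or techniques confirmed to have run; the diff does not show how far the failure path gets before it reports.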
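Review bot: The failure-path call in the last hunk now passes `PROPAGATION_TAGS` and `error_message` positionally, where the removed line used `error_message=error_message`. The signature of `_publish_propagation_event` is not part of this diff, so the parameter order cannot be checked here; if it differs, or is reordered later, the tag tuple and the message would swap fields without raising, and the published event would carry wrong technique tags. Keeping the keyword costs nothing: `self._publish_propagation_event(self.host.ip_addr, False, PROPAGATION_TAGS, error_message=error_message)`. The enclosing method starts above this hunk.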