Common: Switch AbstractAgentEvent.source from int to AgentID

Mike Salvatore 2022-09-13 13:19:58 -04:00
parent 80cd5a05a1
commit 1503c3f0ba
4 changed files with 13 additions and 6 deletions


@ -2,11 +2,11 @@ import time
from abc import ABC from abc import ABC
from ipaddress import IPv4Address from ipaddress import IPv4Address
from typing import FrozenSet, Union from typing import FrozenSet, Union
from uuid import getnode
from pydantic import Field from pydantic import Field
from common.base_models import InfectionMonkeyBaseModel from common.base_models import InfectionMonkeyBaseModel
from common.types import AgentID
class AbstractAgentEvent(InfectionMonkeyBaseModel, ABC): class AbstractAgentEvent(InfectionMonkeyBaseModel, ABC):
@ -24,7 +24,7 @@ class AbstractAgentEvent(InfectionMonkeyBaseModel, ABC):
:param tags: The set of tags associated with the event :param tags: The set of tags associated with the event
""" """
source: int = Field(default_factory=getnode) source: AgentID
target: Union[int, IPv4Address, None] = Field(default=None) target: Union[int, IPv4Address, None] = Field(default=None)
timestamp: float = Field(default_factory=time.time) timestamp: float = Field(default_factory=time.time)
tags: FrozenSet[str] = Field(default_factory=frozenset) tags: FrozenSet[str] = Field(default_factory=frozenset)
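Review bot: `source: AgentID` is now a required field with no default, so any `AbstractAgentEvent` subclass constructed without `source=` will fail pydantic validation. This commit updates two collectors and the serializer tests, but call sites outside this page should be checked as well. The class docstring begins above the second hunk; if its `:param source:` entry still describes the old `getnode()` integer, it should become something like `:param source: The AgentID of the agent that produced the event`. `target` still accepts `int`, which presumably mirrored the old integer source; if it can name another agent, it likely needs the same `AgentID` type so that source and target identities stay comparable.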


@ -6,6 +6,7 @@ from common.event_queue import IAgentEventQueue
from common.events import CredentialsStolenEvent from common.events import CredentialsStolenEvent
from infection_monkey.i_puppet import ICredentialCollector from infection_monkey.i_puppet import ICredentialCollector
from infection_monkey.model import USERNAME_PREFIX from infection_monkey.model import USERNAME_PREFIX
from infection_monkey.utils.ids import get_agent_id
from . import pypykatz_handler from . import pypykatz_handler
from .windows_credentials import WindowsCredentials from .windows_credentials import WindowsCredentials
@ -76,6 +77,7 @@ class MimikatzCredentialCollector(ICredentialCollector):
def _publish_credentials_stolen_event(self, collected_credentials: Sequence[Credentials]): def _publish_credentials_stolen_event(self, collected_credentials: Sequence[Credentials]):
credentials_stolen_event = CredentialsStolenEvent( credentials_stolen_event = CredentialsStolenEvent(
source=get_agent_id(),
tags=MIMIKATZ_EVENT_TAGS, tags=MIMIKATZ_EVENT_TAGS,
stolen_credentials=collected_credentials, stolen_credentials=collected_credentials,
) )
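Review bot: `source=get_agent_id()` makes the collector call a process-wide helper every time it publishes, so tests have to patch `infection_monkey.utils.ids` to control the event's source. The same line is added to the other collector's `_publish_credentials_stolen_event` (the `@ -172,6 +173,7` hunk). Injecting the ID once, for example as a constructor argument used as `source=self._agent_id,`, would keep the event's origin explicit and testable. The body of `get_agent_id()` is not shown, so this assumes it returns one stable value per agent process; if it does not, events from one agent could carry different sources. The method continues past the end of this hunk.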


@ -11,6 +11,7 @@ from infection_monkey.telemetry.attack.t1005_telem import T1005Telem
from infection_monkey.telemetry.attack.t1145_telem import T1145Telem from infection_monkey.telemetry.attack.t1145_telem import T1145Telem
from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
from infection_monkey.utils.environment import is_windows_os from infection_monkey.utils.environment import is_windows_os
from infection_monkey.utils.ids import get_agent_id
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -172,6 +173,7 @@ def _publish_credentials_stolen_event(
collected_credentials: Credentials, event_queue: IAgentEventQueue collected_credentials: Credentials, event_queue: IAgentEventQueue
): ):
credentials_stolen_event = CredentialsStolenEvent( credentials_stolen_event = CredentialsStolenEvent(
source=get_agent_id(),
tags=SSH_COLLECTOR_EVENT_TAGS, tags=SSH_COLLECTOR_EVENT_TAGS,
stolen_credentials=[collected_credentials], stolen_credentials=[collected_credentials],
) )


@ -1,13 +1,15 @@
from abc import ABC from abc import ABC
from dataclasses import dataclass from dataclasses import dataclass
from uuid import UUID
import pytest import pytest
from pydantic import Field from pydantic import Field
from common.base_models import InfectionMonkeyBaseModel
from common.event_serializers import IEventSerializer, PydanticEventSerializer from common.event_serializers import IEventSerializer, PydanticEventSerializer
from common.events import AbstractAgentEvent from common.events import AbstractAgentEvent
AGENT_ID = UUID("f811ad00-5a68-4437-bd51-7b5cc1768ad5")
@dataclass(frozen=True) @dataclass(frozen=True)
class NotAgentEvent(ABC): class NotAgentEvent(ABC):
@ -19,7 +21,7 @@ class SomeAgentEvent(AbstractAgentEvent):
bogus: int = Field(default_factory=int) bogus: int = Field(default_factory=int)
class PydanticEvent(InfectionMonkeyBaseModel): class PydanticEvent(AbstractAgentEvent):
some_field: str some_field: str
@ -29,7 +31,8 @@ def pydantic_event_serializer() -> IEventSerializer:
@pytest.mark.parametrize( @pytest.mark.parametrize(
"event", [NotAgentEvent(some_field=1, other_field=2.0), SomeAgentEvent(bogus=2)] "event",
[NotAgentEvent(some_field=1, other_field=2.0), SomeAgentEvent(source=AGENT_ID, bogus=2)],
) )
def test_pydantic_event_serializer__serialize_wrong_type(pydantic_event_serializer, event): def test_pydantic_event_serializer__serialize_wrong_type(pydantic_event_serializer, event):
with pytest.raises(TypeError): with pytest.raises(TypeError):
@ -42,7 +45,7 @@ def test_pydantic_event_serializer__deserialize_wrong_type(pydantic_event_serial
def test_pydanitc_event_serializer__de_serialize(pydantic_event_serializer): def test_pydanitc_event_serializer__de_serialize(pydantic_event_serializer):
pydantic_event = PydanticEvent(some_field="some_field") pydantic_event = PydanticEvent(source=AGENT_ID, some_field="some_field")
serialized_event = pydantic_event_serializer.serialize(pydantic_event) serialized_event = pydantic_event_serializer.serialize(pydantic_event)
deserialized_object = pydantic_event_serializer.deserialize(serialized_event) deserialized_object = pydantic_event_serializer.deserialize(serialized_event)