From 2610666f935dff2d96c95c8ace3793c5822883f3 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Mon, 15 Aug 2022 14:24:03 +0200
Subject: [PATCH] Agent: Publish an CredentialsStolenEvent from SSHCredentialCollector

---
 .../ssh_collector/ssh_credential_collector.py | 27 ++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
index 04c9e65c2..45cd227d8 100644
--- a/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
+++ b/monkey/infection_monkey/credential_collectors/ssh_collector/ssh_credential_collector.py
@@ -1,14 +1,19 @@
 import logging
+import time
 from typing import Dict, Iterable, Sequence
 
 from common.credentials import Credentials, SSHKeypair, Username
 from common.event_queue import IEventQueue
+from common.events import CredentialsStolenEvent
+from infection_monkey.config import GUID
 from infection_monkey.credential_collectors.ssh_collector import ssh_handler
 from infection_monkey.i_puppet import ICredentialCollector
 from infection_monkey.telemetry.messengers.i_telemetry_messenger import ITelemetryMessenger
 
 logger = logging.getLogger(__name__)
 
+SSH_CREDENTIAL_COLLECTOR_TAG = "SSHCredentialsStolen"
+
 
 class SSHCredentialCollector(ICredentialCollector):
     """
@@ -23,8 +28,28 @@ class SSHCredentialCollector(ICredentialCollector):
         logger.info("Started scanning for SSH credentials")
         ssh_info = ssh_handler.get_ssh_info(self._telemetry_messenger)
         logger.info("Finished scanning for SSH credentials")
+        ssh_collector_credentials = SSHCredentialCollector._to_credentials(ssh_info)
 
-        return SSHCredentialCollector._to_credentials(ssh_info)
+        credentials_stolen_event = SSHCredentialCollector._generate_credentials_stolen_event(
+            ssh_collector_credentials
+        )
+        self._event_queue.publish(credentials_stolen_event)
+
+        return ssh_collector_credentials
+
+    @staticmethod
+    def _generate_credentials_stolen_event(
+        collected_credentials: Sequence[Credentials],
+    ) -> CredentialsStolenEvent:
+        credentials_stolen_event = CredentialsStolenEvent(
+            source=GUID,
+            target=None,
+            timestamp=time.time(),
+            tags=frozenset({SSH_CREDENTIAL_COLLECTOR_TAG, "T1005", "T1145"}),
+            stolen_credentials=collected_credentials,
+        )
+
+        return credentials_stolen_event
 
     @staticmethod
     def _to_credentials(ssh_info: Iterable[Dict]) -> Sequence[Credentials]:
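Review bot: The collect method now publishes a CredentialsStolenEvent unconditionally, so a scan that found nothing still emits an event whose `stolen_credentials` is an empty sequence; unless downstream consumers rely on receiving empty events, guard the `_generate_credentials_stolen_event`/`publish` pair with `if ssh_collector_credentials:`. `_generate_credentials_stolen_event` also has no docstring; a one-liner such as `"""Build the CredentialsStolenEvent for the collected SSH credentials, sourced from this agent's GUID and tagged with the collector tag plus the T1005/T1145 technique IDs."""` would tell a reader what `target=None` and the hard-coded tag strings mean (the GUID being this agent's id is inferred from the import, not shown here). The enclosing collect method's signature lies above this hunk.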