Renamed all zero trust tests to zero trust checks in the back-end. This increases readability because it differentiates unit-test code from production code.
parent
3490be1d8f
commit
4e1e9907b1
@ -9,8 +9,8 @@ from monkey_island.cc.services.edge.displayed_edge import EdgeService
|
|||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||
get_edge_by_scan_or_exploit_telemetry
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.machine_exploited import \
|
||||
test_machine_exploited
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.machine_exploited import \
|
||||
check_machine_exploited
|
||||
|
||||
|
||||
def process_exploit_telemetry(telemetry_json):
|
||||
|
@ -19,7 +19,7 @@ def process_exploit_telemetry(telemetry_json):
|
|||
update_network_with_exploit(edge, telemetry_json)
|
||||
update_node_credentials_from_successful_attempts(edge, telemetry_json)
|
||||
|
||||
test_machine_exploited(
|
||||
check_machine_exploited(
|
||||
current_monkey=Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid']),
|
||||
exploit_successful=telemetry_json['data']['result'],
|
||||
exploiter=telemetry_json['data']['exploiter'],
|
||||
|
|
|
@ -3,8 +3,8 @@ import copy
|
|||
from common.common_consts.post_breach_consts import POST_BREACH_COMMUNICATE_AS_NEW_USER
|
||||
from monkey_island.cc.database import mongo
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.communicate_as_new_user import \
|
||||
test_new_user_communication
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.communicate_as_new_user import \
|
||||
check_new_user_communication
|
||||
|
||||
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
|
||||
|
||||
|
@ -13,7 +13,7 @@ def process_communicate_as_new_user_telemetry(telemetry_json):
|
|||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||
message = telemetry_json['data']['result'][0]
|
||||
success = telemetry_json['data']['result'][1]
|
||||
test_new_user_communication(current_monkey, success, message)
|
||||
check_new_user_communication(current_monkey, success, message)
|
||||
|
||||
|
||||
POST_BREACH_TELEMETRY_PROCESSING_FUNCS = {
|
||||
|
|
|
@ -4,19 +4,19 @@ from monkey_island.cc.services.edge.edge import EdgeService
|
|||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||
get_edge_by_scan_or_exploit_telemetry
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.data_endpoints import \
|
||||
test_open_data_endpoints
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
||||
test_segmentation_violation
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.data_endpoints import \
|
||||
check_open_data_endpoints
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||
check_segmentation_violation
|
||||
|
||||
|
||||
def process_scan_telemetry(telemetry_json):
|
||||
update_edges_and_nodes_based_on_scan_telemetry(telemetry_json)
|
||||
test_open_data_endpoints(telemetry_json)
|
||||
check_open_data_endpoints(telemetry_json)
|
||||
|
||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||
target_ip = telemetry_json['data']['machine']['ip_addr']
|
||||
test_segmentation_violation(current_monkey, target_ip)
|
||||
check_segmentation_violation(current_monkey, target_ip)
|
||||
|
||||
|
||||
def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
|
||||
|
|
|
@ -2,8 +2,8 @@ import logging
|
|||
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
||||
test_passed_findings_for_unreached_segments
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||
check_passed_findings_for_unreached_segments
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -18,7 +18,7 @@ def process_state_telemetry(telemetry_json):
|
|||
|
||||
if telemetry_json['data']['done']:
|
||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||
test_passed_findings_for_unreached_segments(current_monkey)
|
||||
check_passed_findings_for_unreached_segments(current_monkey)
|
||||
|
||||
if telemetry_json['data']['version']:
|
||||
logger.info(f"monkey {telemetry_json['monkey_guid']} has version {telemetry_json['data']['version']}")
|
||||
|
|
|
@ -14,8 +14,8 @@ from monkey_island.cc.services.telemetry.processing.system_info_collectors.hostn
|
|||
process_hostname_telemetry
|
||||
from monkey_island.cc.services.telemetry.processing.system_info_collectors.scoutsuite import \
|
||||
process_scout_suite_telemetry
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.antivirus_existence import \
|
||||
test_antivirus_existence
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.antivirus_existence import \
|
||||
check_antivirus_existence
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -23,7 +23,7 @@ SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS = {
|
|||
AWS_COLLECTOR: [process_aws_telemetry],
|
||||
ENVIRONMENT_COLLECTOR: [process_environment_telemetry],
|
||||
HOSTNAME_COLLECTOR: [process_hostname_telemetry],
|
||||
PROCESS_LIST_COLLECTOR: [test_antivirus_existence],
|
||||
PROCESS_LIST_COLLECTOR: [check_antivirus_existence],
|
||||
SCOUTSUITE_COLLECTOR: [process_scout_suite_telemetry]
|
||||
}
|
||||
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
from monkey_island.cc.services.node import NodeService
|
||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||
get_tunnel_host_ip_from_proxy_field
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.tunneling import \
|
||||
test_tunneling_violation
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.tunneling import \
|
||||
check_tunneling_violation
|
||||
|
||||
|
||||
def process_tunnel_telemetry(telemetry_json):
|
||||
test_tunneling_violation(telemetry_json)
|
||||
check_tunneling_violation(telemetry_json)
|
||||
monkey_id = NodeService.get_monkey_by_guid(telemetry_json['monkey_guid'])["_id"]
|
||||
if telemetry_json['data']['proxy'] is not None:
|
||||
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(telemetry_json)
|
||||
|
|
|
@ -2,14 +2,13 @@ import json
|
|||
|
||||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
||||
AggregateFinding
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.known_anti_viruses import \
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.known_anti_viruses import \
|
||||
ANTI_VIRUS_KNOWN_PROCESS_NAMES
|
||||
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||
|
||||
|
||||
def test_antivirus_existence(process_list_json, monkey_guid):
|
||||
def check_antivirus_existence(process_list_json, monkey_guid):
|
||||
current_monkey = Monkey.get_single_monkey_by_guid(monkey_guid)
|
||||
|
||||
process_list_event = Event.create_event(
|
||||
|
@ -32,7 +31,7 @@ def test_antivirus_existence(process_list_json, monkey_guid):
|
|||
test_status = zero_trust_consts.STATUS_PASSED
|
||||
else:
|
||||
test_status = zero_trust_consts.STATUS_FAILED
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_ENDPOINT_SECURITY_EXISTS, status=test_status, events=events
|
||||
)
|
||||
|
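Review bot: The swap from `AggregateFinding.create_or_add_to_existing(` to `MonkeyFindingService.create_or_add_to_existing(` in this hunk changes which component persists the zero-trust finding, which is not a rename, and the commit description ("Renamed all zero trust tests to zero trust checks") does not mention it. The same substitution appears in the communicate_as_new_user, data_endpoints, machine_exploited and tunneling hunks, together with the new `MonkeyFindingService.add_malicious_activity_to_timeline(...)` calls and the removed `AggregateFinding` imports. A line in the commit description such as `Zero trust checks now create findings through MonkeyFindingService instead of calling AggregateFinding directly.` would let anyone auditing finding storage locate this change. The local `test_status` keeps the old terminology although the function became check_antivirus_existence; renaming it `check_status` matches the stated intent, while the `test=` keyword belongs to the service API and should stay. The body of check_antivirus_existence starts outside the hunk.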
|
@ -1,6 +1,5 @@
|
|||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import \
|
||||
AggregateFinding
|
||||
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
|
||||
COMM_AS_NEW_USER_FAILED_FORMAT = "Monkey on {} couldn't communicate as new user. Details: {}"
|
||||
|
@ -8,8 +7,8 @@ COMM_AS_NEW_USER_SUCCEEDED_FORMAT = \
|
|||
"New user created by Monkey on {} successfully tried to communicate with the internet. Details: {}"
|
||||
|
||||
|
||||
def test_new_user_communication(current_monkey, success, message):
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
def check_new_user_communication(current_monkey, success, message):
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_COMMUNICATE_AS_NEW_USER,
|
||||
# If the monkey succeeded to create a user, then the test failed.
|
||||
status=zero_trust_consts.STATUS_FAILED if success else zero_trust_consts.STATUS_PASSED,
|
|
@ -3,14 +3,13 @@ import json
|
|||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from common.common_consts.network_consts import ES_SERVICE
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||
|
||||
HTTP_SERVERS_SERVICES_NAMES = ['tcp-80']
|
||||
|
||||
|
||||
def test_open_data_endpoints(telemetry_json):
|
||||
def check_open_data_endpoints(telemetry_json):
|
||||
services = telemetry_json["data"]["machine"]["services"]
|
||||
current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
|
||||
found_http_server_status = zero_trust_consts.STATUS_PASSED
|
||||
|
@ -56,16 +55,16 @@ def test_open_data_endpoints(telemetry_json):
|
|||
event_type=zero_trust_consts.EVENT_TYPE_MONKEY_NETWORK
|
||||
))
|
||||
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_DATA_ENDPOINT_HTTP,
|
||||
status=found_http_server_status,
|
||||
events=events
|
||||
)
|
||||
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_DATA_ENDPOINT_ELASTIC,
|
||||
status=found_elastic_search_server,
|
||||
events=events
|
||||
)
|
||||
|
||||
add_malicious_activity_to_timeline(events)
|
||||
MonkeyFindingService.add_malicious_activity_to_timeline(events)
|
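Review bot: Both `MonkeyFindingService.create_or_add_to_existing(` calls in this hunk receive the same `events` list, once for TEST_DATA_ENDPOINT_HTTP and once for TEST_DATA_ENDPOINT_ELASTIC, and the list is then handed to `MonkeyFindingService.add_malicious_activity_to_timeline(events)` as well. If the service keeps a reference rather than copying, the two findings and the timeline entry share one mutable object; whether that is intended depends on MonkeyFindingService, which is outside this diff. A comment above the first call, `# events is shared by both findings and the timeline; the service must not mutate it`, would record the assumption, or each call could be given `list(events)`. The body of check_open_data_endpoints starts outside the hunk.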
|
@ -1,10 +1,9 @@
|
|||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||
|
||||
|
||||
def test_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
|
||||
def check_machine_exploited(current_monkey, exploit_successful, exploiter, target_ip, timestamp):
|
||||
events = [
|
||||
Event.create_event(
|
||||
title="Exploit attempt",
|
||||
|
@ -30,10 +29,10 @@ def test_machine_exploited(current_monkey, exploit_successful, exploiter, target
|
|||
)
|
||||
status = zero_trust_consts.STATUS_FAILED
|
||||
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_MACHINE_EXPLOITED,
|
||||
status=status,
|
||||
events=events
|
||||
)
|
||||
|
||||
add_malicious_activity_to_timeline(events)
|
||||
MonkeyFindingService.add_malicious_activity_to_timeline(events)
|
|
@ -19,7 +19,7 @@ SEGMENTATION_VIOLATION_EVENT_TEXT = \
|
|||
"managed to communicate cross segment to {target_ip} (in segment {target_seg})."
|
||||
|
||||
|
||||
def test_segmentation_violation(current_monkey, target_ip):
|
||||
def check_segmentation_violation(current_monkey, target_ip):
|
||||
# TODO - lower code duplication between this and report.py.
|
||||
subnet_groups = get_config_network_segments_as_subnet_groups()
|
||||
for subnet_group in subnet_groups:
|
||||
|
@ -73,7 +73,7 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
|
|||
)
|
||||
|
||||
|
||||
def test_passed_findings_for_unreached_segments(current_monkey):
|
||||
def check_passed_findings_for_unreached_segments(current_monkey):
|
||||
flat_all_subnets = [item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist]
|
||||
create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
|
||||
|
|
@ -6,7 +6,7 @@ from monkey_island.cc.models.zero_trust.event import Event
|
|||
from monkey_island.cc.models.zero_trust.finding import Finding
|
||||
from monkey_island.cc.models.zero_trust.segmentation_finding import \
|
||||
SegmentationFinding
|
||||
from monkey_island.cc.services.telemetry.zero_trust_tests.segmentation import \
|
||||
from monkey_island.cc.services.telemetry.zero_trust_checks.segmentation import \
|
||||
create_or_add_findings_for_all_pairs
|
||||
from monkey_island.cc.testing.IslandTestCase import IslandTestCase
|
||||
|
||||
|
@ -15,7 +15,7 @@ SECOND_SUBNET = "2.2.2.0/24"
|
|||
THIRD_SUBNET = "3.3.3.3-3.3.3.200"
|
||||
|
||||
|
||||
class TestSegmentationTests(IslandTestCase):
|
||||
class TestSegmentationChecks(IslandTestCase):
|
||||
def test_create_findings_for_all_done_pairs(self):
|
||||
self.fail_if_not_testing_env()
|
||||
self.clean_finding_db()
|
|
@ -1,13 +1,12 @@
|
|||
import common.common_consts.zero_trust_consts as zero_trust_consts
|
||||
from monkey_island.cc.models import Monkey
|
||||
from monkey_island.cc.models.zero_trust.aggregate_finding import (
|
||||
AggregateFinding, add_malicious_activity_to_timeline)
|
||||
from monkey_island.cc.models.zero_trust.event import Event
|
||||
from monkey_island.cc.services.telemetry.processing.utils import \
|
||||
get_tunnel_host_ip_from_proxy_field
|
||||
from monkey_island.cc.services.zero_trust.monkey_finding_service import MonkeyFindingService
|
||||
|
||||
|
||||
def test_tunneling_violation(tunnel_telemetry_json):
|
||||
def check_tunneling_violation(tunnel_telemetry_json):
|
||||
if tunnel_telemetry_json['data']['proxy'] is not None:
|
||||
# Monkey is tunneling, create findings
|
||||
tunnel_host_ip = get_tunnel_host_ip_from_proxy_field(tunnel_telemetry_json)
|
||||
|
@ -20,10 +19,10 @@ def test_tunneling_violation(tunnel_telemetry_json):
|
|||
timestamp=tunnel_telemetry_json['timestamp']
|
||||
)]
|
||||
|
||||
AggregateFinding.create_or_add_to_existing(
|
||||
MonkeyFindingService.create_or_add_to_existing(
|
||||
test=zero_trust_consts.TEST_TUNNELING,
|
||||
status=zero_trust_consts.STATUS_FAILED,
|
||||
events=tunneling_events
|
||||
)
|
||||
|
||||
add_malicious_activity_to_timeline(tunneling_events)
|
||||
MonkeyFindingService.add_malicious_activity_to_timeline(tunneling_events)
|