diff --git a/monkey/common/data/zero_trust_consts.py b/monkey/common/data/zero_trust_consts.py index 99b4f2a2c..62d44b554 100644 --- a/monkey/common/data/zero_trust_consts.py +++ b/monkey/common/data/zero_trust_consts.py @@ -2,8 +2,8 @@ This file contains all the static data relating to Zero Trust. It is mostly used in the zero trust report generation and in creating findings. -This file contains static mappings between zero trust components such as: pillars, directives, tests, statuses. Some of -the mappings are computed when this module is loaded. +This file contains static mappings between zero trust components such as: pillars, recommendations, tests, statuses. +Some of the mappings are computed when this module is loaded. """ AUTOMATION_ORCHESTRATION = u"Automation & Orchestration" 
@@ -39,22 +39,22 @@ TESTS = ( TEST_DATA_ENDPOINT_ELASTIC ) -DIRECTIVE_DATA_TRANSIT = u"data_transit" -DIRECTIVE_ENDPOINT_SECURITY = u"endpoint_security" -DIRECTIVE_USER_BEHAVIOUR = u"user_behaviour" -DIRECTIVE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic" -DIRECTIVE_SEGMENTATION = u"segmentation" -DIRECTIVES = { - DIRECTIVE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.", - DIRECTIVE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.", - DIRECTIVE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.", - DIRECTIVE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.", - DIRECTIVE_DATA_TRANSIT: u"Secure data at transit by encrypting it." +RECOMMENDATION_DATA_TRANSIT = u"data_transit" +RECOMMENDATION_ENDPOINT_SECURITY = u"endpoint_security" +RECOMMENDATION_USER_BEHAVIOUR = u"user_behaviour" +RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic" +RECOMMENDATION_SEGMENTATION = u"segmentation" +RECOMMENDATIONS = { + RECOMMENDATION_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.", + RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.", + RECOMMENDATION_USER_BEHAVIOUR: u"Adopt security user behavior analytics.", + RECOMMENDATION_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.", + RECOMMENDATION_DATA_TRANSIT: u"Secure data at transit by encrypting it." } POSSIBLE_STATUSES_KEY = u"possible_statuses" PILLARS_KEY = u"pillars" -DIRECTIVE_KEY = u"directive_key" +RECOMMENDATION_KEY = u"recommendation_key" FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation" TEST_EXPLANATION_KEY = u"explanation" TESTS_MAP = { 
@@ -64,7 +64,7 @@ TESTS_MAP = { STATUS_CONCLUSIVE: "Monkey performed cross-segment communication. Check firewall rules and logs.", STATUS_POSITIVE: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs." }, - DIRECTIVE_KEY: DIRECTIVE_SEGMENTATION, + RECOMMENDATION_KEY: RECOMMENDATION_SEGMENTATION, PILLARS_KEY: [NETWORKS], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_POSITIVE, STATUS_CONCLUSIVE] }, @@ -73,7 +73,7 @@ TESTS_MAP = { FINDING_EXPLANATION_BY_STATUS_KEY: { STATUS_INCONCLUSIVE: "Monkey performed malicious actions in the network. Check SOC logs and alerts." }, - DIRECTIVE_KEY: DIRECTIVE_ANALYZE_NETWORK_TRAFFIC, + RECOMMENDATION_KEY: RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC, PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE] }, @@ -83,7 +83,7 @@ TESTS_MAP = { STATUS_CONCLUSIVE: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.", STATUS_POSITIVE: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern." }, - DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY, + RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY, PILLARS_KEY: [DEVICES], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE] }, @@ -93,7 +93,7 @@ TESTS_MAP = { STATUS_CONCLUSIVE: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.", STATUS_POSITIVE: "Monkey didn't manage to exploit an endpoint." }, - DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY, + RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY, PILLARS_KEY: [DEVICES], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_INCONCLUSIVE] }, 
@@ -102,7 +102,7 @@ TESTS_MAP = { FINDING_EXPLANATION_BY_STATUS_KEY: { STATUS_INCONCLUSIVE: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software." }, - DIRECTIVE_KEY: DIRECTIVE_USER_BEHAVIOUR, + RECOMMENDATION_KEY: RECOMMENDATION_USER_BEHAVIOUR, PILLARS_KEY: [PEOPLE, NETWORKS], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE] }, @@ -112,7 +112,7 @@ TESTS_MAP = { STATUS_CONCLUSIVE: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.", STATUS_POSITIVE: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them." }, - DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT, + RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT, PILLARS_KEY: [DATA], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE] }, @@ -122,7 +122,7 @@ TESTS_MAP = { STATUS_CONCLUSIVE: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.", STATUS_POSITIVE: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them." }, - DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT, + RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT, PILLARS_KEY: [DATA], POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE] }, @@ -143,15 +143,15 @@ PILLARS_TO_TESTS = { AUTOMATION_ORCHESTRATION: [] } -DIRECTIVES_TO_TESTS = {} +RECOMMENDATIONS_TO_TESTS = {} -DIRECTIVES_TO_PILLARS = {} +RECOMMENDATIONS_TO_PILLARS = {} def populate_mappings(): populate_pillars_to_tests() - populate_directives_to_tests() - populate_directives_to_pillars() + populate_recommendations_to_tests() + populate_recommendations_to_pillars() def populate_pillars_to_tests(): 
@@ -161,17 +161,17 @@ def populate_pillars_to_tests(): PILLARS_TO_TESTS[pillar].append(test) -def populate_directives_to_tests(): - for single_directive in DIRECTIVES: - DIRECTIVES_TO_TESTS[single_directive] = [] +def populate_recommendations_to_tests(): + for single_recommendation in RECOMMENDATIONS: + RECOMMENDATIONS_TO_TESTS[single_recommendation] = [] for test, test_info in TESTS_MAP.items(): - DIRECTIVES_TO_TESTS[test_info[DIRECTIVE_KEY]].append(test) + RECOMMENDATIONS_TO_TESTS[test_info[RECOMMENDATION_KEY]].append(test) -def populate_directives_to_pillars(): - for directive, directive_tests in DIRECTIVES_TO_TESTS.items(): - directive_pillars = set() - for test in directive_tests: +def populate_recommendations_to_pillars(): + for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items(): + recommendations_pillars = set() + for test in recommendation_tests: for pillar in TESTS_MAP[test][PILLARS_KEY]: - directive_pillars.add(pillar) - DIRECTIVES_TO_PILLARS[directive] = directive_pillars + recommendations_pillars.add(pillar) + RECOMMENDATIONS_TO_PILLARS[recommendation] = recommendations_pillars diff --git a/monkey/monkey_island/cc/models/zero_trust/finding.py b/monkey/monkey_island/cc/models/zero_trust/finding.py index 5454ad9e1..382f7e5fb 100644 --- a/monkey/monkey_island/cc/models/zero_trust/finding.py +++ b/monkey/monkey_island/cc/models/zero_trust/finding.py @@ -14,7 +14,7 @@ from monkey_island.cc.models.zero_trust.event import Event class Finding(Document): """ This model represents a Zero-Trust finding: A result of a test the monkey/island might perform to see if a - specific directive of zero trust is upheld or broken. + specific recommendation of zero trust is upheld or broken. Findings might be Negative ❌ diff --git a/monkey/monkey_island/cc/resources/reporting/report.py b/monkey/monkey_island/cc/resources/reporting/report.py index fa2973759..db2f40518 100644 --- a/monkey/monkey_island/cc/resources/reporting/report.py 
+++ b/monkey/monkey_island/cc/resources/reporting/report.py @@ -14,7 +14,7 @@ REPORT_TYPES = [SECURITY_REPORT_TYPE, ZERO_TRUST_REPORT_TYPE] REPORT_DATA_PILLARS = "pillars" REPORT_DATA_FINDINGS = "findings" -REPORT_DATA_DIRECTIVES_STATUS = "directives" +REPORT_DATA_RECOMMENDATIONS_STATUS = "recommendations" __author__ = ["itay.mizeretz", "shay.nehmad"] @@ -33,8 +33,8 @@ class Report(flask_restful.Resource): "grades": ZeroTrustService.get_pillars_grades() } ) - elif report_data == REPORT_DATA_DIRECTIVES_STATUS: - return jsonify(ZeroTrustService.get_directives_status()) + elif report_data == REPORT_DATA_RECOMMENDATIONS_STATUS: + return jsonify(ZeroTrustService.get_recommendations_status()) elif report_data == REPORT_DATA_FINDINGS: return jsonify(ZeroTrustService.get_all_findings()) diff --git a/monkey/monkey_island/cc/server_config.json b/monkey/monkey_island/cc/server_config.json index 420f1b303..7bf106194 100644 --- a/monkey/monkey_island/cc/server_config.json +++ b/monkey/monkey_island/cc/server_config.json @@ -1,4 +1,4 @@ { - "server_config": "standard", + "server_config": "testing", "deployment": "develop" } diff --git a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py index 30a1a08fe..790f757dd 100644 --- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py @@ -98,7 +98,7 @@ class TestZeroTrustService(IslandTestCase): self.assertEquals(result, expected) - def test_get_directives_status(self): + def test_get_recommendations_status(self): self.fail_if_not_testing_env() self.clean_finding_db() @@ -108,7 +108,7 @@ class TestZeroTrustService(IslandTestCase): AUTOMATION_ORCHESTRATION: [], DATA: [ { - "directive": DIRECTIVES[DIRECTIVE_DATA_TRANSIT], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_DATA_TRANSIT], "status": STATUS_CONCLUSIVE, "tests": [ { 
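Review bot: Changing the value of `REPORT_DATA_RECOMMENDATIONS_STATUS` from `"directives"` to `"recommendations"` in report.py changes the URL segment this resource matches, not just a Python name. A request that still uses the old segment now skips this branch and falls through to whatever ends the `elif` chain; the method starts and ends outside the hunk, so that fall-through is not visible here. The bundled UI is updated in the same commit, but a script or a cached front-end bundle calling the old path would break, and the `"directive"` field in the response is renamed too. If older clients matter, accept both for a transition with `elif report_data in (REPORT_DATA_RECOMMENDATIONS_STATUS, "directives"):`, and check that an unknown `report_data` produces an explicit error response.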
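Review bot: The switch of `"server_config"` from `"standard"` to `"testing"` in server_config.json is unrelated to the directive-to-recommendation rename and looks like a local setting committed by accident. The tests touched in this commit call `self.fail_if_not_testing_env()`, which would explain why it was flipped locally. This file presumably selects the environment the Island server starts in, so merging it would bring every checkout up in the testing environment; what that environment relaxes compared with the standard one is not visible here and should be confirmed before it ships. I would revert the line to `"server_config": "standard",` and select the testing environment through a local, uncommitted override when running the unit tests.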
@@ -124,7 +124,7 @@ class TestZeroTrustService(IslandTestCase): ], DEVICES: [ { - "directive": DIRECTIVES[DIRECTIVE_ENDPOINT_SECURITY], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_ENDPOINT_SECURITY], "status": STATUS_CONCLUSIVE, "tests": [ { @@ -140,7 +140,7 @@ class TestZeroTrustService(IslandTestCase): ], NETWORKS: [ { - "directive": DIRECTIVES[DIRECTIVE_SEGMENTATION], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_SEGMENTATION], "status": STATUS_UNEXECUTED, "tests": [ { @@ -150,7 +150,7 @@ class TestZeroTrustService(IslandTestCase): ] }, { - "directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR], "status": STATUS_INCONCLUSIVE, "tests": [ { @@ -160,7 +160,7 @@ class TestZeroTrustService(IslandTestCase): ] }, { - "directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC], "status": STATUS_UNEXECUTED, "tests": [ { @@ -172,7 +172,7 @@ class TestZeroTrustService(IslandTestCase): ], PEOPLE: [ { - "directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR], "status": STATUS_INCONCLUSIVE, "tests": [ { @@ -184,7 +184,7 @@ class TestZeroTrustService(IslandTestCase): ], "Visibility & Analytics": [ { - "directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC], + "recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC], "status": STATUS_UNEXECUTED, "tests": [ { @@ -197,7 +197,7 @@ class TestZeroTrustService(IslandTestCase): "Workloads": [] } - self.assertEquals(ZeroTrustService.get_directives_status(), expected) + self.assertEquals(ZeroTrustService.get_recommendations_status(), expected) def test_get_pillars_to_statuses(self): self.fail_if_not_testing_env() diff --git a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py index 8039d6e16..2db61cdc5 100644 
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py +++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py @@ -39,30 +39,30 @@ class ZeroTrustService(object): return pillar_grade @staticmethod - def get_directives_status(): - all_directive_statuses = {} + def get_recommendations_status(): + all_recommendations_statuses = {} # init with empty lists for pillar in PILLARS: - all_directive_statuses[pillar] = [] + all_recommendations_statuses[pillar] = [] - for directive, directive_tests in DIRECTIVES_TO_TESTS.items(): - for pillar in DIRECTIVES_TO_PILLARS[directive]: - all_directive_statuses[pillar].append( + for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items(): + for pillar in RECOMMENDATIONS_TO_PILLARS[recommendation]: + all_recommendations_statuses[pillar].append( { - "directive": DIRECTIVES[directive], - "tests": ZeroTrustService.__get_tests_status(directive_tests), - "status": ZeroTrustService.__get_directive_status(directive_tests) + "recommendation": RECOMMENDATIONS[recommendation], + "tests": ZeroTrustService.__get_tests_status(recommendation_tests), + "status": ZeroTrustService.__get_recommendation_status(recommendation_tests) } ) - return all_directive_statuses + return all_recommendations_statuses @staticmethod - def __get_directive_status(directive_tests): + def __get_recommendation_status(recommendation_tests): worst_status = STATUS_UNEXECUTED all_statuses = set() - for test in directive_tests: + for test in recommendation_tests: all_statuses |= set(Finding.objects(test=test).distinct("status")) for status in all_statuses: @@ -72,9 +72,9 @@ class ZeroTrustService(object): return worst_status @staticmethod - def __get_tests_status(directive_tests): + def __get_tests_status(recommendation_tests): results = [] - for test in directive_tests: + for test in recommendation_tests: test_findings = Finding.objects(test=test) results.append( { 
diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js index 5c6b24614..6b598357f 100755 --- a/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js @@ -68,7 +68,7 @@ class ZeroTrustReportPageComponent extends AuthComponent { } else { content =
{this.generateOverviewSection()} - {this.generateDirectivesSection()} + {this.generateRecommendationsSection()} {this.generateFindingsSection()}
; } @@ -102,7 +102,7 @@ class ZeroTrustReportPageComponent extends AuthComponent { ); } - generateDirectivesSection() { + generateRecommendationsSection() { return (

Recommendations

@@ -110,11 +110,11 @@ class ZeroTrustReportPageComponent extends AuthComponent { to understand how the monkey tested your adherence to that recommendation.

{ - Object.keys(this.state.directives).map((pillar) => + Object.keys(this.state.recommendations).map((pillar) => ) } @@ -152,7 +152,7 @@ class ZeroTrustReportPageComponent extends AuthComponent { } stillLoadingDataFromServer() { - return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.directives === "undefined"; + return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.recommendations === "undefined"; } getZeroTrustReportFromServer() { @@ -164,11 +164,11 @@ class ZeroTrustReportPageComponent extends AuthComponent { findings: res }); }); - this.authFetch('/api/report/zero_trust/directives') + this.authFetch('/api/report/zero_trust/recommendations') .then(res => res.json()) .then(res => { this.setState({ - directives: res + recommendations: res }); }); this.authFetch('/api/report/zero_trust/pillars') diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js index 67891da64..e6a488a4f 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js @@ -15,7 +15,7 @@ const columns = [ }, maxWidth: 80 }, - { Header: 'Recommendation', accessor: 'directive', + { Header: 'Recommendation', accessor: 'recommendation', style: {'whiteSpace': 'unset'} // This enables word wrap }, { Header: 'Tests', id: 'tests', 
@@ -66,10 +66,10 @@ class TestsStatus extends AuthComponent { export class RecommendationsStatusTable extends AuthComponent { render() { - return ; + return ; } } export default RecommendationsStatusTable; -RecommendationsStatusTable.propTypes = {directivesStatus: PropTypes.array}; +RecommendationsStatusTable.propTypes = {recommendationsStatus: PropTypes.array}; diff --git a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js index cd2ce6420..4b437b837 100644 --- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js +++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js @@ -22,7 +22,7 @@ export default class SinglePillarRecommendationsStatus extends AuthComponent { - +