Refactored directives to recommendations

2019-08-28 10:35:47 +03:00 · 2019-08-28 10:35:47 +03:00 · bb1ee6ff14
parent 32bc318c69
commit bb1ee6ff14
9 changed files with 74 additions and 74 deletions
--- a/monkey/common/data/zero_trust_consts.py
+++ b/monkey/common/data/zero_trust_consts.py
@ -2,8 +2,8 @@
 This file contains all the static data relating to Zero Trust. It is mostly used in the zero trust report generation and
 in creating findings.
-This file contains static mappings between zero trust components such as: pillars, directives, tests, statuses. Some of
+This file contains static mappings between zero trust components such as: pillars, recommendations, tests, statuses.
-the mappings are computed when this module is loaded.
+Some of the mappings are computed when this module is loaded.
 """
 AUTOMATION_ORCHESTRATION = u"Automation & Orchestration"
@ -39,22 +39,22 @@ TESTS = (
    TEST_DATA_ENDPOINT_ELASTIC
 )
-DIRECTIVE_DATA_TRANSIT = u"data_transit"
+RECOMMENDATION_DATA_TRANSIT = u"data_transit"
-DIRECTIVE_ENDPOINT_SECURITY = u"endpoint_security"
+RECOMMENDATION_ENDPOINT_SECURITY = u"endpoint_security"
-DIRECTIVE_USER_BEHAVIOUR = u"user_behaviour"
+RECOMMENDATION_USER_BEHAVIOUR = u"user_behaviour"
-DIRECTIVE_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
+RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC = u"analyze_network_traffic"
-DIRECTIVE_SEGMENTATION = u"segmentation"
+RECOMMENDATION_SEGMENTATION = u"segmentation"
-DIRECTIVES = {
+RECOMMENDATIONS = {
-    DIRECTIVE_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
+    RECOMMENDATION_SEGMENTATION: u"Apply segmentation and micro-segmentation inside your network.",
-    DIRECTIVE_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
+    RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC: u"Analyze network traffic for malicious activity.",
-    DIRECTIVE_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
+    RECOMMENDATION_USER_BEHAVIOUR: u"Adopt security user behavior analytics.",
-    DIRECTIVE_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
+    RECOMMENDATION_ENDPOINT_SECURITY: u"Use anti-virus and other traditional endpoint security solutions.",
-    DIRECTIVE_DATA_TRANSIT: u"Secure data at transit by encrypting it."
+    RECOMMENDATION_DATA_TRANSIT: u"Secure data at transit by encrypting it."
 }
 POSSIBLE_STATUSES_KEY = u"possible_statuses"
 PILLARS_KEY = u"pillars"
-DIRECTIVE_KEY = u"directive_key"
+RECOMMENDATION_KEY = u"recommendation_key"
 FINDING_EXPLANATION_BY_STATUS_KEY = u"finding_explanation"
 TEST_EXPLANATION_KEY = u"explanation"
 TESTS_MAP = {
@ -64,7 +64,7 @@ TESTS_MAP = {
            STATUS_CONCLUSIVE: "Monkey performed cross-segment communication. Check firewall rules and logs.",
            STATUS_POSITIVE: "Monkey couldn't perform cross-segment communication. If relevant, check firewall logs."
        },
-        DIRECTIVE_KEY: DIRECTIVE_SEGMENTATION,
+        RECOMMENDATION_KEY: RECOMMENDATION_SEGMENTATION,
        PILLARS_KEY: [NETWORKS],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_POSITIVE, STATUS_CONCLUSIVE]
    },
@ -73,7 +73,7 @@ TESTS_MAP = {
        FINDING_EXPLANATION_BY_STATUS_KEY: {
            STATUS_INCONCLUSIVE: "Monkey performed malicious actions in the network. Check SOC logs and alerts."
        },
-        DIRECTIVE_KEY: DIRECTIVE_ANALYZE_NETWORK_TRAFFIC,
+        RECOMMENDATION_KEY: RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC,
        PILLARS_KEY: [NETWORKS, VISIBILITY_ANALYTICS],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
    },
@ -83,7 +83,7 @@ TESTS_MAP = {
            STATUS_CONCLUSIVE: "Monkey didn't find ANY active endpoint security processes. Install and activate anti-virus software on endpoints.",
            STATUS_POSITIVE: "Monkey found active endpoint security processes. Check their logs to see if Monkey was a security concern."
        },
-        DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY,
+        RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
        PILLARS_KEY: [DEVICES],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
    },
@ -93,7 +93,7 @@ TESTS_MAP = {
            STATUS_CONCLUSIVE: "Monkey successfully exploited endpoints. Check IDS/IPS logs to see activity recognized and see which endpoints were compromised.",
            STATUS_POSITIVE: "Monkey didn't manage to exploit an endpoint."
        },
-        DIRECTIVE_KEY: DIRECTIVE_ENDPOINT_SECURITY,
+        RECOMMENDATION_KEY: RECOMMENDATION_ENDPOINT_SECURITY,
        PILLARS_KEY: [DEVICES],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_INCONCLUSIVE]
    },
@ -102,7 +102,7 @@ TESTS_MAP = {
        FINDING_EXPLANATION_BY_STATUS_KEY: {
            STATUS_INCONCLUSIVE: "Monkey was executed in a scheduled manner. Locate this activity in User-Behavior security software."
        },
-        DIRECTIVE_KEY: DIRECTIVE_USER_BEHAVIOUR,
+        RECOMMENDATION_KEY: RECOMMENDATION_USER_BEHAVIOUR,
        PILLARS_KEY: [PEOPLE, NETWORKS],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_INCONCLUSIVE]
    },
@ -112,7 +112,7 @@ TESTS_MAP = {
            STATUS_CONCLUSIVE: "Monkey accessed ElasticSearch instances. Limit access to data by encrypting it in in-transit.",
            STATUS_POSITIVE: "Monkey didn't find open ElasticSearch instances. If you have such instances, look for alerts that indicate attempts to access them."
        },
-        DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT,
+        RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
        PILLARS_KEY: [DATA],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
    },
@ -122,7 +122,7 @@ TESTS_MAP = {
            STATUS_CONCLUSIVE: "Monkey accessed HTTP servers. Limit access to data by encrypting it in in-transit.",
            STATUS_POSITIVE: "Monkey didn't find open HTTP servers. If you have such servers, look for alerts that indicate attempts to access them."
        },
-        DIRECTIVE_KEY: DIRECTIVE_DATA_TRANSIT,
+        RECOMMENDATION_KEY: RECOMMENDATION_DATA_TRANSIT,
        PILLARS_KEY: [DATA],
        POSSIBLE_STATUSES_KEY: [STATUS_UNEXECUTED, STATUS_CONCLUSIVE, STATUS_POSITIVE]
    },
@ -143,15 +143,15 @@ PILLARS_TO_TESTS = {
    AUTOMATION_ORCHESTRATION: []
 }
-DIRECTIVES_TO_TESTS = {}
+RECOMMENDATIONS_TO_TESTS = {}
-DIRECTIVES_TO_PILLARS = {}
+RECOMMENDATIONS_TO_PILLARS = {}
 def populate_mappings():
    populate_pillars_to_tests()
-    populate_directives_to_tests()
+    populate_recommendations_to_tests()
-    populate_directives_to_pillars()
+    populate_recommendations_to_pillars()
 def populate_pillars_to_tests():
@ -161,17 +161,17 @@ def populate_pillars_to_tests():
                PILLARS_TO_TESTS[pillar].append(test)
-def populate_directives_to_tests():
+def populate_recommendations_to_tests():
-    for single_directive in DIRECTIVES:
+    for single_recommendation in RECOMMENDATIONS:
-        DIRECTIVES_TO_TESTS[single_directive] = []
+        RECOMMENDATIONS_TO_TESTS[single_recommendation] = []
    for test, test_info in TESTS_MAP.items():
-        DIRECTIVES_TO_TESTS[test_info[DIRECTIVE_KEY]].append(test)
+        RECOMMENDATIONS_TO_TESTS[test_info[RECOMMENDATION_KEY]].append(test)
-def populate_directives_to_pillars():
+def populate_recommendations_to_pillars():
-    for directive, directive_tests in DIRECTIVES_TO_TESTS.items():
+    for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
-        directive_pillars = set()
+        recommendations_pillars = set()
-        for test in directive_tests:
+        for test in recommendation_tests:
            for pillar in TESTS_MAP[test][PILLARS_KEY]:
-                directive_pillars.add(pillar)
+                recommendations_pillars.add(pillar)
-        DIRECTIVES_TO_PILLARS[directive] = directive_pillars
+        RECOMMENDATIONS_TO_PILLARS[recommendation] = recommendations_pillars
--- a/monkey/monkey_island/cc/models/zero_trust/finding.py
+++ b/monkey/monkey_island/cc/models/zero_trust/finding.py
@ -14,7 +14,7 @@ from monkey_island.cc.models.zero_trust.event import Event
 class Finding(Document):
    """
    This model represents a Zero-Trust finding: A result of a test the monkey/island might perform to see if a
-    specific directive of zero trust is upheld or broken.
+    specific recommendation of zero trust is upheld or broken.
    Findings might be
        Negative ❌
--- a/monkey/monkey_island/cc/resources/reporting/report.py
+++ b/monkey/monkey_island/cc/resources/reporting/report.py
@ -14,7 +14,7 @@ REPORT_TYPES = [SECURITY_REPORT_TYPE, ZERO_TRUST_REPORT_TYPE]
 REPORT_DATA_PILLARS = "pillars"
 REPORT_DATA_FINDINGS = "findings"
-REPORT_DATA_DIRECTIVES_STATUS = "directives"
+REPORT_DATA_RECOMMENDATIONS_STATUS = "recommendations"
 __author__ = ["itay.mizeretz", "shay.nehmad"]
@ -33,8 +33,8 @@ class Report(flask_restful.Resource):
                        "grades": ZeroTrustService.get_pillars_grades()
                    }
                )
-            elif report_data == REPORT_DATA_DIRECTIVES_STATUS:
+            elif report_data == REPORT_DATA_RECOMMENDATIONS_STATUS:
-                return jsonify(ZeroTrustService.get_directives_status())
+                return jsonify(ZeroTrustService.get_recommendations_status())
            elif report_data == REPORT_DATA_FINDINGS:
                return jsonify(ZeroTrustService.get_all_findings())
--- a/monkey/monkey_island/cc/server_config.json
+++ b/monkey/monkey_island/cc/server_config.json
@ -1,4 +1,4 @@
 {
-  "server_config": "standard",
+  "server_config": "testing",
  "deployment": "develop"
 }
--- a/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/test_zero_trust_service.py
@ -98,7 +98,7 @@ class TestZeroTrustService(IslandTestCase):
        self.assertEquals(result, expected)
-    def test_get_directives_status(self):
+    def test_get_recommendations_status(self):
        self.fail_if_not_testing_env()
        self.clean_finding_db()
@ -108,7 +108,7 @@ class TestZeroTrustService(IslandTestCase):
            AUTOMATION_ORCHESTRATION: [],
            DATA: [
                {
-                    "directive": DIRECTIVES[DIRECTIVE_DATA_TRANSIT],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_DATA_TRANSIT],
                    "status": STATUS_CONCLUSIVE,
                    "tests": [
                        {
@ -124,7 +124,7 @@ class TestZeroTrustService(IslandTestCase):
            ],
            DEVICES: [
                {
-                    "directive": DIRECTIVES[DIRECTIVE_ENDPOINT_SECURITY],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_ENDPOINT_SECURITY],
                    "status": STATUS_CONCLUSIVE,
                    "tests": [
                        {
@ -140,7 +140,7 @@ class TestZeroTrustService(IslandTestCase):
            ],
            NETWORKS: [
                {
-                    "directive": DIRECTIVES[DIRECTIVE_SEGMENTATION],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_SEGMENTATION],
                    "status": STATUS_UNEXECUTED,
                    "tests": [
                        {
@ -150,7 +150,7 @@ class TestZeroTrustService(IslandTestCase):
                    ]
                },
                {
-                    "directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
                    "status": STATUS_INCONCLUSIVE,
                    "tests": [
                        {
@ -160,7 +160,7 @@ class TestZeroTrustService(IslandTestCase):
                    ]
                },
                {
-                    "directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
                    "status": STATUS_UNEXECUTED,
                    "tests": [
                        {
@ -172,7 +172,7 @@ class TestZeroTrustService(IslandTestCase):
            ],
            PEOPLE: [
                {
-                    "directive": DIRECTIVES[DIRECTIVE_USER_BEHAVIOUR],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_USER_BEHAVIOUR],
                    "status": STATUS_INCONCLUSIVE,
                    "tests": [
                        {
@ -184,7 +184,7 @@ class TestZeroTrustService(IslandTestCase):
            ],
            "Visibility & Analytics": [
                {
-                    "directive": DIRECTIVES[DIRECTIVE_ANALYZE_NETWORK_TRAFFIC],
+                    "recommendation": RECOMMENDATIONS[RECOMMENDATION_ANALYZE_NETWORK_TRAFFIC],
                    "status": STATUS_UNEXECUTED,
                    "tests": [
                        {
@ -197,7 +197,7 @@ class TestZeroTrustService(IslandTestCase):
            "Workloads": []
        }
-        self.assertEquals(ZeroTrustService.get_directives_status(), expected)
+        self.assertEquals(ZeroTrustService.get_recommendations_status(), expected)
    def test_get_pillars_to_statuses(self):
        self.fail_if_not_testing_env()
--- a/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
+++ b/monkey/monkey_island/cc/services/reporting/zero_trust_service.py
@ -39,30 +39,30 @@ class ZeroTrustService(object):
        return pillar_grade
    @staticmethod
-    def get_directives_status():
+    def get_recommendations_status():
-        all_directive_statuses = {}
+        all_recommendations_statuses = {}
        # init with empty lists
        for pillar in PILLARS:
-            all_directive_statuses[pillar] = []
+            all_recommendations_statuses[pillar] = []
-        for directive, directive_tests in DIRECTIVES_TO_TESTS.items():
+        for recommendation, recommendation_tests in RECOMMENDATIONS_TO_TESTS.items():
-            for pillar in DIRECTIVES_TO_PILLARS[directive]:
+            for pillar in RECOMMENDATIONS_TO_PILLARS[recommendation]:
-                all_directive_statuses[pillar].append(
+                all_recommendations_statuses[pillar].append(
                    {
-                        "directive": DIRECTIVES[directive],
+                        "recommendation": RECOMMENDATIONS[recommendation],
-                        "tests": ZeroTrustService.__get_tests_status(directive_tests),
+                        "tests": ZeroTrustService.__get_tests_status(recommendation_tests),
-                        "status": ZeroTrustService.__get_directive_status(directive_tests)
+                        "status": ZeroTrustService.__get_recommendation_status(recommendation_tests)
                    }
                )
-        return all_directive_statuses
+        return all_recommendations_statuses
    @staticmethod
-    def __get_directive_status(directive_tests):
+    def __get_recommendation_status(recommendation_tests):
        worst_status = STATUS_UNEXECUTED
        all_statuses = set()
-        for test in directive_tests:
+        for test in recommendation_tests:
            all_statuses |= set(Finding.objects(test=test).distinct("status"))
        for status in all_statuses:
@ -72,9 +72,9 @@ class ZeroTrustService(object):
        return worst_status
    @staticmethod
-    def __get_tests_status(directive_tests):
+    def __get_tests_status(recommendation_tests):
        results = []
-        for test in directive_tests:
+        for test in recommendation_tests:
            test_findings = Finding.objects(test=test)
            results.append(
                {
--- a/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ZeroTrustReportPage.js
@ -68,7 +68,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
    } else {
      content = <div id="MainContentSection">
        {this.generateOverviewSection()}
-        {this.generateDirectivesSection()}
+        {this.generateRecommendationsSection()}
        {this.generateFindingsSection()}
      </div>;
    }
@ -102,7 +102,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
    </div>);
  }
-  generateDirectivesSection() {
+  generateRecommendationsSection() {
    return (<div id="recommendations-overview">
      <h2>Recommendations</h2>
      <p>
@ -110,11 +110,11 @@ class ZeroTrustReportPageComponent extends AuthComponent {
        to understand how the monkey tested your adherence to that recommendation.
      </p>
      {
-        Object.keys(this.state.directives).map((pillar) =>
+        Object.keys(this.state.recommendations).map((pillar) =>
          <SinglePillarRecommendationsStatus
            key={pillar}
            pillar={pillar}
-            recommendationsStatus={this.state.directives[pillar]}
+            recommendationsStatus={this.state.recommendations[pillar]}
            pillarsToStatuses={this.state.pillars.pillarsToStatuses}/>
        )
      }
@ -152,7 +152,7 @@ class ZeroTrustReportPageComponent extends AuthComponent {
  }
  stillLoadingDataFromServer() {
-    return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.directives === "undefined";
+    return typeof this.state.findings === "undefined" || typeof this.state.pillars === "undefined" || typeof this.state.recommendations === "undefined";
  }
  getZeroTrustReportFromServer() {
@ -164,11 +164,11 @@ class ZeroTrustReportPageComponent extends AuthComponent {
          findings: res
        });
      });
-    this.authFetch('/api/report/zero_trust/directives')
+    this.authFetch('/api/report/zero_trust/recommendations')
      .then(res => res.json())
      .then(res => {
        this.setState({
-          directives: res
+          recommendations: res
        });
      });
    this.authFetch('/api/report/zero_trust/pillars')
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/RecommendationsStatusTable.js
@ -15,7 +15,7 @@ const columns = [
        },
        maxWidth: 80
      },
-      { Header: 'Recommendation', accessor: 'directive',
+      { Header: 'Recommendation', accessor: 'recommendation',
        style: {'whiteSpace': 'unset'}  // This enables word wrap
      },
      { Header: 'Tests', id: 'tests',
@ -66,10 +66,10 @@ class TestsStatus extends AuthComponent {
 export class RecommendationsStatusTable extends AuthComponent {
  render() {
-    return <PaginatedTable data={this.props.directivesStatus} columns={columns} pageSize={5}/>;
+    return <PaginatedTable data={this.props.recommendationsStatus} columns={columns} pageSize={5}/>;
  }
 }
 export default RecommendationsStatusTable;
-RecommendationsStatusTable.propTypes = {directivesStatus: PropTypes.array};
+RecommendationsStatusTable.propTypes = {recommendationsStatus: PropTypes.array};
--- a/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/zerotrust/SinglePillarRecommendationsStatus.js
@ -22,7 +22,7 @@ export default class SinglePillarRecommendationsStatus extends AuthComponent {
          </Panel.Heading>
          <Panel.Collapse>
            <Panel.Body>
-              <RecommendationsStatusTable directivesStatus={this.props.recommendationsStatus}/>
+              <RecommendationsStatusTable recommendationsStatus={this.props.recommendationsStatus}/>
            </Panel.Body>
          </Panel.Collapse>
        </Panel>