From f7d66e0ebc3d6ec8c71e1832b206ff825a9dd684 Mon Sep 17 00:00:00 2001
From: Shay Nehmad <shay.nehmad@guardicore.com>
Date: Sun, 1 Sep 2019 12:10:27 +0300
Subject: [PATCH] Realize the previous idea was stupid and aggregate all
 exploit attempts based on status alone

---
 .../zero_trust_tests/machine_exploited.py      | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
index 1afe8bfe1..ef300d82b 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/machine_exploited.py
@@ -34,19 +34,11 @@ def test_machine_exploited(telemetry_json):
         )
         status = STATUS_FAILED
 
-    # aggregate only passed tests (which means exploit failed). Each successful exploit gets its own finding. 
-    if status == STATUS_FAILED:
-        Finding.save_finding(
-            test=TEST_MACHINE_EXPLOITED,
-            status=status,
-            events=events
-        )
-    else:
-        AggregateFinding.create_or_add_to_existing(
-            test=TEST_MACHINE_EXPLOITED,
-            status=status,
-            events=events
-        )
+    AggregateFinding.create_or_add_to_existing(
+        test=TEST_MACHINE_EXPLOITED,
+        status=status,
+        events=events
+    )
 
     AggregateFinding.create_or_add_to_existing(
         test=TEST_MALICIOUS_ACTIVITY_TIMELINE,