Island: change ransomware report table to return the amount of files encrypted and the number of total encryption attempts

2021-07-13 09:08:27 +03:00 · 2021-07-13 09:08:27 +03:00 · f8cbd4cb33
parent 10a375ea66
commit f8cbd4cb33
2 changed files with 41 additions and 8 deletions
--- a/monkey/monkey_island/cc/services/ransomware/ransomware_report.py
+++ b/monkey/monkey_island/cc/services/ransomware/ransomware_report.py
@ -8,19 +8,36 @@ from monkey_island.cc.services.reporting.report import ReportService
 def get_encrypted_files_table():
    query = [
        {"$match": {"telem_category": "file_encryption"}},
-        {"$unwind": "$data.files"},
+        {"$addFields": {"total_attempts": {"$size": "$data.files"}}},
+        {
+            "$addFields": {
+                "successful_encryptions": {
+                    "$filter": {
+                        "input": "$data.files",
+                        "as": "files",
+                        "cond": {"$eq": ["$$files.success", True]},
+                    }
+                }
+            }
+        },
+        {"$addFields": {"successful_encryptions": {"$size": "$successful_encryptions"}}},
        {
            "$group": {
-                "_id": {"monkey_guid": "$monkey_guid", "files_encrypted": "$data.files.success"}
+                "_id": {
+                    "monkey_guid": "$monkey_guid",
+                    "successful_encryptions": "$successful_encryptions",
+                    "total_attempts": "$total_attempts",
+                }
            }
        },
        {"$replaceRoot": {"newRoot": "$_id"}},
-        {"$sort": {"files_encrypted": -1}},
+        {"$sort": {"successful_encryptions": -1}},
        {
            "$group": {
                "_id": {"monkey_guid": "$monkey_guid"},
                "monkey_guid": {"$first": "$monkey_guid"},
-                "files_encrypted": {"$first": "$files_encrypted"},
+                "total_attempts": {"$first": "$total_attempts"},
+                "successful_encryptions": {"$first": "$successful_encryptions"},
            }
        },
        {
@ -34,7 +51,8 @@ def get_encrypted_files_table():
        {
            "$project": {
                "monkey": {"$arrayElemAt": ["$monkey", 0]},
-                "files_encrypted": "$files_encrypted",
+                "total_attempts": "$total_attempts",
+                "successful_encryptions": "$successful_encryptions",
            }
        },
    ]
--- a/monkey/tests/unit_tests/monkey_island/cc/services/ransomware/test_ransomware_report.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/ransomware/test_ransomware_report.py
@ -46,8 +46,18 @@ def test_get_encrypted_files_table(fake_mongo, monkeypatch):
    results = get_encrypted_files_table()

    assert results == [
-        {"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": True},
-        {"hostname": "WinDev2010Eval", "exploits": ["SMB Exploiter"], "files_encrypted": True},
+        {
+            "hostname": "test-pc-2",
+            "exploits": ["Manual execution"],
+            "successful_encryptions": 3,
+            "total_attempts": 3,
+        },
+        {
+            "hostname": "WinDev2010Eval",
+            "exploits": ["SMB Exploiter"],
+            "successful_encryptions": 1,
+            "total_attempts": 1,
+        },
    ]


@ -68,7 +78,12 @@ def test_get_encrypted_files_table__only_errors(fake_mongo, monkeypatch):
    results = get_encrypted_files_table()

    assert results == [
-        {"hostname": "test-pc-2", "exploits": ["Manual execution"], "files_encrypted": False}
+        {
+            "hostname": "test-pc-2",
+            "exploits": ["Manual execution"],
+            "successful_encryptions": 0,
+            "total_attempts": 1,
+        }
    ]