Changed attack telemetry to be regular telemetry.

Made telemetries OOP (not retroactively)
2019-06-02 17:44:56 +03:00 · 2019-06-02 17:44:56 +03:00 · fc28135e00
parent 9021463cd2
commit fc28135e00
12 changed files with 91 additions and 113 deletions
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -15,10 +15,10 @@ from infection_monkey.network.firewall import app as firewall
 from infection_monkey.network.network_scanner import NetworkScanner
 from infection_monkey.system_info import SystemInfoCollector
 from infection_monkey.system_singleton import SystemSingleton
+from infection_monkey.telemetry.attack.victim_host_telem import VictimHostTelem
 from infection_monkey.windows_upgrader import WindowsUpgrader
 from infection_monkey.post_breach.post_breach_handler import PostBreach
 from common.utils.attack_utils import ScanStatus
-from infection_monkey.transport.attack_telems.victim_host_telem import VictimHostTelem
 from infection_monkey.exploit.tools import get_interface_to_target

 __author__ = 'itamar'
@ -186,11 +186,11 @@ class InfectionMonkey(object):
                    for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
                        if self.try_exploiting(machine, exploiter):
                            host_exploited = True
-                            VictimHostTelem('T1210', ScanStatus.USED.value, machine=machine).send()
+                            VictimHostTelem('T1210', ScanStatus.USED, machine).send()
                            break
                    if not host_exploited:
                        self._fail_exploitation_machines.add(machine)
-                        VictimHostTelem('T1210', ScanStatus.SCANNED.value, machine=machine).send()
+                        VictimHostTelem('T1210', ScanStatus.SCANNED, machine).send()
                if not self._keep_running:
                    break

--- a/monkey/infection_monkey/telemetry/init.py
+++ b/monkey/infection_monkey/telemetry/init.py
--- a/monkey/infection_monkey/telemetry/attack/init.py
+++ b/monkey/infection_monkey/telemetry/attack/init.py
--- a/monkey/infection_monkey/telemetry/attack/attack_telem.py
+++ b/monkey/infection_monkey/telemetry/attack/attack_telem.py
@ -0,0 +1,28 @@
+import logging
+
+from infection_monkey.telemetry.base_telem import BaseTelem
+
+__author__ = "VakarisZ"
+
+LOG = logging.getLogger(__name__)
+
+
+class AttackTelem(BaseTelem):
+
+    def __init__(self, technique, status):
+        """
+        Default ATT&CK telemetry constructor
+        :param technique: Technique ID. E.g. T111
+        :param status: ScanStatus of technique
+        """
+        super(AttackTelem, self).__init__()
+        self.technique = technique
+        self.status = status
+
+    telem_type = 'attack'
+
+    def get_data(self):
+        return {
+            'status': self.status.value,
+            'technique': self.technique
+        }
--- a/monkey/infection_monkey/telemetry/attack/victim_host_telem.py
+++ b/monkey/infection_monkey/telemetry/attack/victim_host_telem.py
@ -0,0 +1,21 @@
+from infection_monkey.telemetry.attack.attack_telem import AttackTelem
+
+__author__ = "VakarisZ"
+
+
+class VictimHostTelem(AttackTelem):
+
+    def __init__(self, technique, status, machine):
+        """
+        ATT&CK telemetry that parses and sends VictimHost's (remote machine's) data
+        :param technique: Technique ID. E.g. T111
+        :param status: ScanStatus of technique
+        :param machine: VictimHost obj from model/host.py
+        """
+        super(VictimHostTelem, self).__init__(technique, status)
+        self.machine = {'domain_name': machine.domain_name, 'ip_addr': machine.ip_addr}
+
+    def get_data(self):
+        return super(VictimHostTelem, self).get_data().update({
+            'machine': self.machine
+        })
--- a/monkey/infection_monkey/telemetry/base_telem.py
+++ b/monkey/infection_monkey/telemetry/base_telem.py
@ -0,0 +1,39 @@
+import abc
+
+from infection_monkey.control import ControlClient
+import logging
+
+__author__ = 'itay.mizeretz'
+
+LOG = logging.getLogger(__name__)
+
+
+class BaseTelem(object):
+    """
+    Abstract base class for telemetry.
+    """
+
+    __metaclass__ = abc.ABCMeta
+
+    def __init__(self):
+        pass
+
+    def send(self):
+        """
+        Sends telemetry to island
+        """
+        ControlClient.send_telemetry(self.telem_type, self.get_data())
+
+    @abc.abstractproperty
+    def telem_type(self):
+        """
+        :return: Telemetry type
+        """
+        pass
+
+    @abc.abstractmethod
+    def get_data(self):
+        """
+        :return: Telemetry type
+        """
+        pass
--- a/monkey/infection_monkey/transport/attack_telems/init.py
+++ b/monkey/infection_monkey/transport/attack_telems/init.py
@ -1 +0,0 @@
-__author__ = 'VakarisZ'
--- a/monkey/infection_monkey/transport/attack_telems/base_telem.py
+++ b/monkey/infection_monkey/transport/attack_telems/base_telem.py
@ -1,41 +0,0 @@
-from infection_monkey.config import WormConfiguration, GUID
-import requests
-import json
-from infection_monkey.control import ControlClient
-import logging
-
-__author__ = "VakarisZ"
-
-LOG = logging.getLogger(__name__)
-
-
-class AttackTelem(object):
-
-    def __init__(self, technique, status, data=None):
-        """
-        Default ATT&CK telemetry constructor
-        :param technique: Technique ID. E.g. T111
-        :param status: int from ScanStatus Enum
-        :param data: Other data relevant to the attack technique
-        """
-        self.technique = technique
-        self.result = status
-        self.data = {'status': status, 'id': GUID}
-        if data:
-            self.data.update(data)
-
-    def send(self):
-        """
-        Sends telemetry to island
-        """
-        if not WormConfiguration.current_server:
-            return
-        try:
-            requests.post("https://%s/api/attack/%s" % (WormConfiguration.current_server, self.technique),
-                          data=json.dumps(self.data),
-                          headers={'content-type': 'application/json'},
-                          verify=False,
-                          proxies=ControlClient.proxies)
-        except Exception as exc:
-            LOG.warn("Error connecting to control server %s: %s",
-                     WormConfiguration.current_server, exc)
--- a/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py
+++ b/monkey/infection_monkey/transport/attack_telems/victim_host_telem.py
@ -1,18 +0,0 @@
-from infection_monkey.transport.attack_telems.base_telem import AttackTelem
-
-__author__ = "VakarisZ"
-
-
-class VictimHostTelem(AttackTelem):
-
-    def __init__(self, technique, status, machine, data=None):
-        """
-        ATT&CK telemetry that parses and sends VictimHost's (remote machine's) data
-        :param technique: Technique ID. E.g. T111
-        :param status: int from ScanStatus Enum
-        :param machine: VictimHost obj from model/host.py
-        :param data: Other data relevant to the attack technique
-        """
-        super(VictimHostTelem, self).__init__(technique, status, data)
-        victim_host = {'hostname': machine.domain_name, 'ip': machine.ip_addr}
-        self.data.update({'machine': victim_host})
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@ -33,7 +33,6 @@ from monkey_island.cc.services.database import Database
 from monkey_island.cc.consts import MONKEY_ISLAND_ABS_PATH
 from monkey_island.cc.services.remote_run_aws import RemoteRunAwsService
 from monkey_island.cc.resources.pba_file_upload import FileUpload
-from monkey_island.cc.resources.attack_telem import AttackTelem
 from monkey_island.cc.resources.attack_config import AttackConfiguration

 __author__ = 'Barak'
@ -132,7 +131,6 @@ def init_api_resources(api):
                     '/api/fileUpload/<string:file_type>?restore=<string:filename>')
    api.add_resource(RemoteRun, '/api/remote-monkey', '/api/remote-monkey/')
    api.add_resource(AttackConfiguration, '/api/attack')
-    api.add_resource(AttackTelem, '/api/attack/<string:technique>')
    api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/')


--- a/monkey/monkey_island/cc/resources/attack_telem.py
+++ b/monkey/monkey_island/cc/resources/attack_telem.py
@ -1,24 +0,0 @@
-import flask_restful
-from flask import request
-import json
-from monkey_island.cc.services.attack.attack_telem import AttackTelemService
-import logging
-
-__author__ = 'VakarisZ'
-
-LOG = logging.getLogger(__name__)
-
-
-class AttackTelem(flask_restful.Resource):
-    """
-    ATT&CK endpoint used to retrieve matrix related info from monkey
-    """
-
-    def post(self, technique):
-        """
-        Gets ATT&CK telemetry data and stores it in the database
-        :param technique: Technique ID, e.g. T1111
-        """
-        data = json.loads(request.data)
-        AttackTelemService.set_results(technique, data)
-        return {}
--- a/monkey/monkey_island/cc/services/attack/attack_telem.py
+++ b/monkey/monkey_island/cc/services/attack/attack_telem.py
@ -1,24 +0,0 @@
-"""
-File that contains ATT&CK telemetry storing/retrieving logic
-"""
-import logging
-from monkey_island.cc.database import mongo
-
-__author__ = "VakarisZ"
-
-logger = logging.getLogger(__name__)
-
-
-class AttackTelemService(object):
-    def __init__(self):
-        pass
-
-    @staticmethod
-    def set_results(technique, data):
-        """
-        Adds ATT&CK technique results(telemetry) to the database
-        :param technique: technique ID string e.g. T1110
-        :param data: Data, relevant to the technique
-        """
-        data.update({'technique': technique})
-        mongo.db.attack_results.insert(data)