Commit Graph

11330 Commits

Author SHA1 Message Date
Ilija Lazoroski 491612f9e8 Common: Add T1005 and T1145 attack technique tags 2022-10-05 11:21:28 +02:00
Ilija Lazoroski 0ed167fb48 Agent: Import attack technique tags from common in Zerologon 2022-10-05 11:13:39 +02:00
Ilija Lazoroski e46bb8964d Common: Add T1003 and T1098 attack technique tags 2022-10-05 11:11:18 +02:00
Mike Salvatore fd8ea53e8b Merge branch '2269-remove-find_monkeys_in_db' into develop
PR #2391
2022-10-04 18:21:00 -04:00
Mike Salvatore bbbb1ac773 Island: Remove disused LogBlackboxEndpoint 2022-10-04 16:30:13 -04:00
Mike Salvatore 6ae7676322 BB: Pass generator instead of list comprehension to all()
This will allow a short-circuit.
2022-10-04 16:30:13 -04:00
Mike Salvatore b713cce893 Island: Remove /api/test/monkey endpoint 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala 2bea619786 BB: Removed unused method and endpoint 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala e0c9717da9 BB: Update test_compabitiblity to use new api 2022-10-04 16:30:13 -04:00
Kekoa Kaaikala 73fbc22e3d BB: Remove find_monkeys_in_db 2022-10-04 16:30:13 -04:00
Mike Salvatore a691a16625 Merge pull request #2393 from guardicore/2269-update-hostexploiter
2269 update hostexploiter
2022-10-04 15:34:08 -04:00
Mike Salvatore 3172433410 Agent: Swap order of _publish_{propagation,exploitation}_event()
Putting _publish_exploitation_event() first puts the methods in both
alphabetical and chronological order.
2022-10-04 15:20:14 -04:00
Mike Salvatore 8e6a098a2e Project: Add HostExploiter methods to vulture_allowlist.py 2022-10-04 15:18:12 -04:00
Kekoa Kaaikala a07eadce60 Common: Add T1570 attack technique 2022-10-04 18:00:41 +00:00
Kekoa Kaaikala d1a8ce2082 Common: Add T1210 tag 2022-10-04 17:58:33 +00:00
Kekoa Kaaikala 6a100105be Common: Order attack tags alphanumerically 2022-10-04 17:58:23 +00:00
Ilija Lazoroski 8b4af5c349 Common: Fix typo in attack tags 2022-10-04 17:57:57 +00:00
Ilija Lazoroski dd35bebb3e Common: Add T1203 attack technique tag 2022-10-04 17:57:16 +00:00
Ilija Lazoroski bb11ea7857 Common: Add attack tags 2022-10-04 17:56:49 +00:00
Kekoa Kaaikala ee77eddaab Agent: Fix tuple type hint 2022-10-04 17:50:39 +00:00
Kekoa Kaaikala 116ae90f3d UT: Remove host exploiter tests 2022-10-04 17:45:30 +00:00
Kekoa Kaaikala b94002a984 Agent: Make publish methods private 2022-10-04 17:44:37 +00:00
Ilija Lazoroski 8e161f0fd9 Agent: Accept tuple as tags to HostExploiter publish events methods 2022-10-04 17:36:27 +00:00
Ilija Lazoroski 95b3556cd0 Agent: Exploiter name when publishing events to be __class__.__name__ 2022-10-04 17:36:05 +00:00
Kekoa Kaaikala a79d40b42e UT: Fix powershell tests 2022-10-04 17:35:33 +00:00
Kekoa Kaaikala 3e86766aaf Agent: Use default value for exploiter name 2022-10-04 17:35:05 +00:00
Ilija Lazoroski 0b72e4ef9a Agent: Add publish methods to HostExploiter 2022-10-04 17:34:41 +00:00
Ilija Lazoroski bf4fecf464 Agent: Rename event_queue to agent_event_queue in HostExploiter 2022-10-04 17:34:31 +00:00
Mike Salvatore 4ace93e417 Merge branch 'consolidate-agent-event-handlers' into develop
PR #2390
2022-10-03 15:19:16 -04:00
Mike Salvatore adee0b4063 Agent: Move add_credentials_from_event to agent_event_handlers package 2022-10-03 14:47:03 -04:00
Mike Salvatore 37b884a5b8 Agent: Move agent_event_forwarder.py to agent_event_handlers package 2022-10-03 14:47:03 -04:00
Mike Salvatore a3ce870b64 Merge pull request #2389 from guardicore/2269-notify-relay-on-propagation
2269 notify relay on propagation
2022-10-03 14:46:14 -04:00
Mike Salvatore 399fedfba5 UT: Rename test_relay_not_notified_if_none 2022-10-03 14:45:44 -04:00
Kekoa Kaaikala 57b4ec4117 BB: Refactor agent communication check
Updated CommunicationAnalyzer to use the /api/agents and /api/machines
endpoints to determine whether or not an agent communicated back to the
island.

Resolves PR #2388
2022-10-03 14:28:22 -04:00
Mike Salvatore a8383f4a79 Agent: Add docstrings to notify_relay_on_propagation 2022-10-03 13:25:30 -04:00
Mike Salvatore d3ff56138f Agent: Remove disused ExploitInterceptingTelemetryMessenger 2022-10-03 13:15:55 -04:00
Mike Salvatore 2ad972548b Agent: Remove ExploitInterceptingTelemetryMessenger decoration 2022-10-03 13:15:55 -04:00
Mike Salvatore fb7d62e318 Agent: Subscribe notify_relay_on_propagation to PropagationEvent events 2022-10-03 13:15:55 -04:00
Mike Salvatore 0466eb7239 Agent: Add notify_relay_on_propagation agent event handler 2022-10-03 13:15:55 -04:00
Mike Salvatore 368ddde20f Common: Register serializers for {Exploitation,Propagation}Event 2022-10-03 13:15:12 -04:00
Mike Salvatore eb16969a56 Merge branch '2362-bb-get-agent-logs' into develop
PR #2384
2022-10-03 10:41:30 -04:00
Mike Salvatore a8627aed48 Merge branch '2269-exploitation-event' into develop
PR #2387
2022-10-03 10:36:25 -04:00
Mike Salvatore 07839a46ae Merge pull request #2385 from guardicore/2269-propagation-event
Define Propagation Event
2022-10-03 10:34:33 -04:00
Ilija Lazoroski 779fc63edc Common: Add param docstring in TCPScanEvent 2022-10-03 16:26:55 +02:00
Ilija Lazoroski d1af356e19 UT: Add tests for PropagationEvent 2022-10-03 16:25:47 +02:00
Ilija Lazoroski 3389915399 Common: Add PropagationEvent to agent_events 2022-10-03 16:25:45 +02:00
Ilija Lazoroski fa2ac64b16 UT: Add ExploitationEvent tests 2022-10-03 16:24:09 +02:00
Ilija Lazoroski a7872d69cf Common: Add ExploitationEvent to agent_events 2022-10-03 16:24:07 +02:00
Mike Salvatore 82c81c2a4b Common: Move JSONSerializable to common.types 2022-10-03 10:19:16 -04:00
Mike Salvatore cfd49db8d2 Island: Use logger.exception() 2022-10-03 10:16:40 -04:00