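def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
    """Record a scan telemetry on its edge and refresh the target node's OS fields.

    Args:
        telemetry_json: Telemetry document with a ``timestamp`` and a
            ``data.machine`` mapping describing the scanned machine
            (``ip_addr``, ``domain_name`` and optionally ``os``).

    Raises:
        KeyError: if ``data.machine`` lacks ``ip_addr`` or ``domain_name``;
            both are mandatory for the edge's ``$set`` below.

    Side effects: pushes one entry onto the edge's ``scans`` array and sets
    the edge's ``ip_address`` / ``domain_name``; then, if the destination
    node exists, copies ``os.type`` / ``os.version`` from the scan onto it.
    """
    edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
    # Deep-copy so the pops below do not mutate the caller's telemetry dict.
    machine = copy.deepcopy(telemetry_json["data"]["machine"])
    ip_address = machine.pop("ip_addr")
    domain_name = machine.pop("domain_name")
    new_scan = {"timestamp": telemetry_json["timestamp"], "data": machine}
    # NOTE(review): "scans" is an unbounded $push; nothing here caps the
    # array, so a noisy scanner grows the edge document without limit.
    mongo.db.edge.update(
        {"_id": edge["_id"]},
        {
            "$push": {"scans": new_scan},
            "$set": {"ip_address": ip_address, "domain_name": domain_name},
        },
    )

    node = mongo.db.node.find_one({"_id": edge["to"]})
    if node is None:
        return
    # Only the two known keys are copied onto the node, under fixed field
    # paths; anything else reported under "os" is ignored. A scan without an
    # "os" section leaves the node untouched instead of raising KeyError.
    scan_os = machine.get("os") or {}
    os_fields = {
        "os." + key: scan_os[key] for key in ("type", "version") if key in scan_os
    }
    if os_fields:
        # One $set for both fields: a single round trip, and no window in
        # which "type" is updated but "version" is not.
        mongo.db.node.update({"_id": node["_id"]}, {"$set": os_fields}, upsert=False)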
def process_exploit_telemetry(telemetry_json):
    """Apply one exploit telemetry to the stored network model.

    Encrypts the credentials carried in the telemetry, updates the edge the
    exploit travelled over, records credentials from successful attempts and
    finally reports the attempt to ``test_machine_exploited``.

    Args:
        telemetry_json: Telemetry document with ``monkey_guid``, ``timestamp``
            and a ``data`` mapping holding ``result``, ``exploiter`` and
            ``machine.ip_addr``.

    Raises:
        KeyError: if any of the fields listed above is missing.
    """
    # Presumably mutates telemetry_json in place: its return value is
    # discarded and every step below reads the same dict.
    encrypt_exploit_creds(telemetry_json)

    edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
    update_network_with_exploit(edge, telemetry_json)
    update_node_credentials_from_successful_attempts(edge, telemetry_json)

    monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
    payload = telemetry_json['data']
    test_machine_exploited(
        current_monkey=monkey,
        exploit_successful=payload['result'],
        exploiter=payload['exploiter'],
        target_ip=payload['machine']['ip_addr'],
        timestamp=telemetry_json['timestamp'],
    )
def process_exploit_telemetry(telemetry_json):
    """Apply one exploit telemetry to the stored network model.

    Encrypts the credentials carried in the telemetry, updates the edge the
    exploit travelled over, records credentials from successful attempts,
    folds extracted credentials into the config and finally reports the
    attempt to ``check_machine_exploited``.

    Args:
        telemetry_json: Telemetry document with ``monkey_guid``, ``timestamp``
            and a ``data`` mapping holding ``result``, ``exploiter`` and
            ``machine.ip_addr``.

    Raises:
        KeyError: if any of the fields listed above is missing.
    """
    # Presumably mutates telemetry_json in place: its return value is
    # discarded and every step below reads the same dict.
    encrypt_exploit_creds(telemetry_json)

    edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
    update_network_with_exploit(edge, telemetry_json)
    update_node_credentials_from_successful_attempts(edge, telemetry_json)
    add_exploit_extracted_creds_to_config(telemetry_json)

    monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
    payload = telemetry_json["data"]
    check_machine_exploited(
        current_monkey=monkey,
        exploit_successful=payload["result"],
        exploiter=payload["exploiter"],
        target_ip=payload["machine"]["ip_addr"],
        timestamp=telemetry_json["timestamp"],
    )
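def update_edges_and_nodes_based_on_scan_telemetry(telemetry_json):
    """Record a scan telemetry on its edge and refresh the target node.

    Args:
        telemetry_json: Telemetry document whose ``data.machine`` mapping
            describes the scanned machine; only its optional ``os`` section
            is read here, the rest is handed to the edge.

    Side effects: lets the edge absorb the scan, then, if the destination
    node exists, copies ``os.type`` / ``os.version`` from the scan onto it
    and refreshes the edge's label for that node.
    """
    edge = get_edge_by_scan_or_exploit_telemetry(telemetry_json)
    edge.update_based_on_scan_telemetry(telemetry_json)

    node = mongo.db.node.find_one({"_id": edge.dst_node_id})
    if node is None:
        return
    # Only the two known keys are copied onto the node, under fixed field
    # paths; anything else reported under "os" is ignored. A scan without an
    # "os" section no longer raises KeyError, so the label below is still
    # refreshed for such scans.
    scan_os = telemetry_json['data']['machine'].get("os") or {}
    os_fields = {
        "os." + key: scan_os[key] for key in ("type", "version") if key in scan_os
    }
    if os_fields:
        # One $set for both fields: a single round trip, and no window in
        # which "type" is updated but "version" is not.
        mongo.db.node.update({"_id": node["_id"]}, {"$set": os_fields}, upsert=False)
    label = NodeService.get_label_for_endpoint(node["_id"])
    edge.update_label(node["_id"], label)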