def op_for_event_logs(operation_agent, operation_adversary, executor, ability, operation_link, encoded_command):
    """Build a started Operation whose chain holds two completed links and one discarded link.

    ``executor``, ``ability``, ``operation_link`` and ``encoded_command`` are
    factory callables supplied by sibling fixtures; ``operation_agent`` and
    ``operation_adversary`` are pre-built objects. The returned Operation has
    ``set_start_details()`` already applied and ``chain`` populated in the
    order [link_1, link_2, discarded_link].
    """
    stamp_format = '%Y-%m-%d %H:%M:%S'

    def at(stamp):
        # Only the decide/collect fields are parsed; finish is left as a raw string
        # (assumed to match the type Link expects for finish — verify against Link).
        return datetime.strptime(stamp, stamp_format)

    op = Operation(name='test', agents=[operation_agent], adversary=operation_adversary)
    op.set_start_details()

    whoami_cmd, hostname_cmd = 'whoami', 'hostname'
    whoami_exec = executor(name='psh', platform='windows', command=whoami_cmd)
    hostname_exec = executor(name='psh', platform='windows', command=hostname_cmd)

    # Both abilities share the same tactic/technique; only id, name and executor differ.
    common_technique = dict(tactic='test tactic', technique_id='T0000', technique_name='test technique')
    whoami_ability = ability(ability_id='123', name='test ability', description='test ability desc',
                             executors=[whoami_exec], **common_technique)
    hostname_ability = ability(ability_id='456', name='test ability 2', description='test ability 2 desc',
                               executors=[hostname_exec], **common_technique)

    # Every link is attributed to the same agent (paw + host).
    agent_fields = dict(paw=operation_agent.paw, host=operation_agent.host)

    completed_whoami = operation_link(ability=whoami_ability, executor=whoami_exec,
                                      command=encoded_command(whoami_cmd), status=0, pid=789,
                                      decide=at('2021-01-01 08:00:00'), collect=at('2021-01-01 08:01:00'),
                                      finish='2021-01-01 08:02:00', **agent_fields)
    completed_hostname = operation_link(ability=hostname_ability, executor=hostname_exec,
                                        command=encoded_command(hostname_cmd), status=0, pid=7890,
                                        decide=at('2021-01-01 09:00:00'), collect=at('2021-01-01 09:01:00'),
                                        finish='2021-01-01 09:02:00', **agent_fields)
    # status -2 is presumably the "discarded" link state (never collected/finished) —
    # confirm against Link's status constants.
    discarded = operation_link(ability=hostname_ability, executor=hostname_exec,
                               command=encoded_command(hostname_cmd), status=-2, pid=7891,
                               decide=at('2021-01-01 10:00:00'), **agent_fields)

    op.chain = [completed_whoami, completed_hostname, discarded]
    return op
def test_ran_ability_id(self, ability, adversary):
    """ran_ability_id() is truthy once a finished link carrying that ability id sits on the chain."""
    target_ability_id = '123'
    op = Operation(name='test', agents=[], adversary=adversary)
    # A spec'd mock so only real Link attributes are accepted; finish is set so the
    # link counts as completed (assumed: ran_ability_id filters on finish — verify).
    finished_link = MagicMock(spec=Link,
                              ability=ability(ability_id=target_ability_id),
                              finish='2021-01-01 08:00:00')
    op.chain = [finished_link]
    assert op.ran_ability_id(target_ability_id)
def test_ran_ability_id(self, ability, adversary):
    """ran_ability_id() is truthy once a finished link carrying that ability id sits on the chain."""
    target_ability_id = '123'
    op = Operation(name='test', agents=[], adversary=adversary)
    # A spec'd mock so only real Link attributes are accepted; finish uses the
    # module-level MOCK_LINK_FINISH_TIME so the link counts as completed
    # (assumed: ran_ability_id filters on finish — verify).
    finished_link = MagicMock(spec=Link,
                              ability=ability(ability_id=target_ability_id),
                              finish=MOCK_LINK_FINISH_TIME)
    op.chain = [finished_link]
    assert op.ran_ability_id(target_ability_id)
def op_for_event_logs(operation_agent, operation_adversary, executor, ability, operation_link, encoded_command, parse_datestring):
    """Build a started Operation whose chain holds two completed links and one discarded link.

    ``executor``, ``ability``, ``operation_link``, ``encoded_command`` and
    ``parse_datestring`` are factory/helper callables supplied by sibling
    fixtures; ``operation_agent`` and ``operation_adversary`` are pre-built
    objects. Link timestamps come from the module-level LINK*_TIME constants.
    The returned Operation has ``set_start_details()`` already applied and
    ``chain`` populated in the order [link_1, link_2, discarded_link].
    """
    op = Operation(name='test', agents=[operation_agent], adversary=operation_adversary)
    op.set_start_details()

    whoami_cmd, hostname_cmd = 'whoami', 'hostname'
    whoami_exec = executor(name='psh', platform='windows', command=whoami_cmd)
    hostname_exec = executor(name='psh', platform='windows', command=hostname_cmd)

    # Both abilities share the same tactic/technique; only id, name and executor differ.
    common_technique = dict(tactic='test tactic', technique_id='T0000', technique_name='test technique')
    whoami_ability = ability(ability_id='123', name='test ability', description='test ability desc',
                             executors=[whoami_exec], **common_technique)
    hostname_ability = ability(ability_id='456', name='test ability 2', description='test ability 2 desc',
                               executors=[hostname_exec], **common_technique)

    # Every link is attributed to the same agent (paw + host).
    agent_fields = dict(paw=operation_agent.paw, host=operation_agent.host)

    # decide/collect go through parse_datestring; finish is passed as the raw constant
    # (assumed to match the type Link expects for finish — verify against Link).
    completed_whoami = operation_link(ability=whoami_ability, executor=whoami_exec,
                                      command=encoded_command(whoami_cmd), status=0, pid=789,
                                      decide=parse_datestring(LINK1_DECIDE_TIME),
                                      collect=parse_datestring(LINK1_COLLECT_TIME),
                                      finish=LINK1_FINISH_TIME, **agent_fields)
    completed_hostname = operation_link(ability=hostname_ability, executor=hostname_exec,
                                        command=encoded_command(hostname_cmd), status=0, pid=7890,
                                        decide=parse_datestring(LINK2_DECIDE_TIME),
                                        collect=parse_datestring(LINK2_COLLECT_TIME),
                                        finish=LINK2_FINISH_TIME, **agent_fields)
    # status -2 is presumably the "discarded" link state (never collected/finished) —
    # confirm against Link's status constants.
    discarded = operation_link(ability=hostname_ability, executor=hostname_exec,
                               command=encoded_command(hostname_cmd), status=-2, pid=7891,
                               decide=parse_datestring('2021-01-01T10:00:00Z'), **agent_fields)

    op.chain = [completed_whoami, completed_hostname, discarded]
    return op