예제 #1
def op_for_event_logs(operation_agent, operation_adversary, executor, ability,
                      operation_link, encoded_command):
    """Build a test Operation whose chain holds two completed links and one discarded link.

    The factory arguments (``executor``, ``ability``, ``operation_link``,
    ``encoded_command``) are callables that produce the model objects; the
    function reads like a pytest fixture whose decorator sits outside the
    visible lines. ``operation_agent`` supplies the ``paw`` and ``host`` that
    every link is bound to.

    Returns:
        Operation named 'test' with start details set and ``chain`` equal to
        ``[link_1, link_2, discarded_link]`` in that order.
    """
    stamp_format = '%Y-%m-%d %H:%M:%S'

    def parse_stamp(stamp):
        # No zone directive in the format, so this yields a naive datetime.
        return datetime.strptime(stamp, stamp_format)

    op = Operation(name='test',
                   agents=[operation_agent],
                   adversary=operation_adversary)
    op.set_start_details()

    # Two harmless enumeration commands, each wrapped in its own
    # PowerShell-on-Windows executor.
    whoami_cmd, hostname_cmd = 'whoami', 'hostname'
    whoami_executor = executor(name='psh', platform='windows', command=whoami_cmd)
    hostname_executor = executor(name='psh', platform='windows', command=hostname_cmd)

    # Both abilities share tactic/technique metadata and differ only in id,
    # name, description and executor.
    shared_ability_fields = dict(tactic='test tactic',
                                 technique_id='T0000',
                                 technique_name='test technique')
    whoami_ability = ability(ability_id='123',
                             name='test ability',
                             description='test ability desc',
                             executors=[whoami_executor],
                             **shared_ability_fields)
    hostname_ability = ability(ability_id='456',
                               name='test ability 2',
                               description='test ability 2 desc',
                               executors=[hostname_executor],
                               **shared_ability_fields)

    # Every link is bound to the same agent.
    agent_binding = dict(paw=operation_agent.paw, host=operation_agent.host)

    # Two links that completed (status 0). ``decide`` and ``collect`` are
    # datetime objects while ``finish`` is left as a plain string; the link
    # model presumably expects that mix — verify against operation_link.
    link_1 = operation_link(ability=whoami_ability,
                            executor=whoami_executor,
                            command=encoded_command(whoami_cmd),
                            status=0,
                            pid=789,
                            decide=parse_stamp('2021-01-01 08:00:00'),
                            collect=parse_stamp('2021-01-01 08:01:00'),
                            finish='2021-01-01 08:02:00',
                            **agent_binding)
    link_2 = operation_link(ability=hostname_ability,
                            executor=hostname_executor,
                            command=encoded_command(hostname_cmd),
                            status=0,
                            pid=7890,
                            decide=parse_stamp('2021-01-01 09:00:00'),
                            collect=parse_stamp('2021-01-01 09:01:00'),
                            finish='2021-01-01 09:02:00',
                            **agent_binding)

    # The name marks this one as discarded: negative status, and neither a
    # collect nor a finish time is recorded.
    discarded_link = operation_link(ability=hostname_ability,
                                    executor=hostname_executor,
                                    command=encoded_command(hostname_cmd),
                                    status=-2,
                                    pid=7891,
                                    decide=parse_stamp('2021-01-01 10:00:00'),
                                    **agent_binding)

    op.chain = [link_1, link_2, discarded_link]
    return op
예제 #2
 def test_ran_ability_id(self, ability, adversary):
     """ran_ability_id is truthy when a link for that ability id is in the chain."""
     # A spec'd mock of Link keeps the test independent of the real Link
     # constructor; it carries only the ability and a finish timestamp,
     # presumably what ran_ability_id inspects — confirm against Operation.
     finished_link = MagicMock(spec=Link,
                               ability=ability(ability_id='123'),
                               finish='2021-01-01 08:00:00')
     operation = Operation(name='test', agents=[], adversary=adversary)
     operation.chain = [finished_link]
     assert operation.ran_ability_id('123')
예제 #3
 def test_ran_ability_id(self, ability, adversary):
     """ran_ability_id is truthy when a link for that ability id is in the chain."""
     # A spec'd mock of Link keeps the test independent of the real Link
     # constructor; the finish timestamp comes from the shared module
     # constant so every test agrees on the same value.
     finished_link = MagicMock(spec=Link,
                               ability=ability(ability_id='123'),
                               finish=MOCK_LINK_FINISH_TIME)
     operation = Operation(name='test', agents=[], adversary=adversary)
     operation.chain = [finished_link]
     assert operation.ran_ability_id('123')
예제 #4
def op_for_event_logs(operation_agent, operation_adversary, executor, ability,
                      operation_link, encoded_command, parse_datestring):
    """Build a test Operation whose chain holds two completed links and one discarded link.

    The factory arguments (``executor``, ``ability``, ``operation_link``,
    ``encoded_command``) are callables that produce the model objects and
    ``parse_datestring`` turns the LINK*_*_TIME string constants into the
    values ``decide``/``collect`` expect; the function reads like a pytest
    fixture whose decorator sits outside the visible lines. ``operation_agent``
    supplies the ``paw`` and ``host`` that every link is bound to.

    Returns:
        Operation named 'test' with start details set and ``chain`` equal to
        ``[link_1, link_2, discarded_link]`` in that order.
    """
    op = Operation(name='test',
                   agents=[operation_agent],
                   adversary=operation_adversary)
    op.set_start_details()

    # Two harmless enumeration commands, each wrapped in its own
    # PowerShell-on-Windows executor.
    whoami_cmd, hostname_cmd = 'whoami', 'hostname'
    whoami_executor = executor(name='psh', platform='windows', command=whoami_cmd)
    hostname_executor = executor(name='psh', platform='windows', command=hostname_cmd)

    # Both abilities share tactic/technique metadata and differ only in id,
    # name, description and executor.
    shared_ability_fields = dict(tactic='test tactic',
                                 technique_id='T0000',
                                 technique_name='test technique')
    whoami_ability = ability(ability_id='123',
                             name='test ability',
                             description='test ability desc',
                             executors=[whoami_executor],
                             **shared_ability_fields)
    hostname_ability = ability(ability_id='456',
                               name='test ability 2',
                               description='test ability 2 desc',
                               executors=[hostname_executor],
                               **shared_ability_fields)

    # Every link is bound to the same agent.
    agent_binding = dict(paw=operation_agent.paw, host=operation_agent.host)

    # Two links that completed (status 0). ``decide`` and ``collect`` go
    # through parse_datestring while ``finish`` is passed as the raw constant;
    # the link model presumably expects that mix — verify against operation_link.
    link_1 = operation_link(ability=whoami_ability,
                            executor=whoami_executor,
                            command=encoded_command(whoami_cmd),
                            status=0,
                            pid=789,
                            decide=parse_datestring(LINK1_DECIDE_TIME),
                            collect=parse_datestring(LINK1_COLLECT_TIME),
                            finish=LINK1_FINISH_TIME,
                            **agent_binding)
    link_2 = operation_link(ability=hostname_ability,
                            executor=hostname_executor,
                            command=encoded_command(hostname_cmd),
                            status=0,
                            pid=7890,
                            decide=parse_datestring(LINK2_DECIDE_TIME),
                            collect=parse_datestring(LINK2_COLLECT_TIME),
                            finish=LINK2_FINISH_TIME,
                            **agent_binding)

    # The name marks this one as discarded: negative status, and neither a
    # collect nor a finish time is recorded. Unlike the other timestamps its
    # decide time is an inline literal rather than a module constant.
    discarded_link = operation_link(ability=hostname_ability,
                                    executor=hostname_executor,
                                    command=encoded_command(hostname_cmd),
                                    status=-2,
                                    pid=7891,
                                    decide=parse_datestring('2021-01-01T10:00:00Z'),
                                    **agent_binding)

    op.chain = [link_1, link_2, discarded_link]
    return op