Skip to content

Rename ransomware telem #1273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 29, 2021
Merged

Rename ransomware telem #1273

merged 1 commit into from
Jun 29, 2021

Conversation

mssalvatore
Copy link
Collaborator

@mssalvatore mssalvatore commented Jun 28, 2021
edited
Loading

What does this PR do?

Ransomware will soon do more than just encrypt files. We should give the telemetry that's related to encrypting files a more descriptive name that better describes what it is reporting.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running the monkey agent from source

  • If applicable, add screenshots or log transcripts of the feature working

Screenshots

image

@mssalvatore mssalvatore changed the base branch from develop to batchable-telemetry June 28, 2021 17:17
@mssalvatore
agent: Rename RansomwareTelem -> FileEncryptionTelem
49eb1cd 
Ransomware will soon do more than just encrypt files. We should give the
telemetry that's related to encrypting files a more descriptive name
that better describes what it is reporting.
@mssalvatore mssalvatore force-pushed the rename-ransomware-telem branch from 475596c to 49eb1cd Compare June 28, 2021 17:20
@codecov
Copy link

codecov bot commented Jun 28, 2021
edited
Loading

Codecov Report

Merging #1273 (49eb1cd) into batchable-telemetry (543f003) will not change coverage.
The diff coverage is 100.00%.

Impacted file tree graph

@@                 Coverage Diff                  @@
##           batchable-telemetry    #1273   +/-   ##
====================================================
  Coverage                30.59%   30.59%           
====================================================
  Files                      448      448           
  Lines                    13417    13417           
====================================================
  Hits                      4105     4105           
  Misses                    9312     9312
Impacted Files Coverage Δ
monkey/common/common_consts/telem_categories.py 100.00% <100.00%> (ø)
.../infection_monkey/ransomware/ransomware_payload.py 97.95% <100.00%> (ø)
...nfection_monkey/telemetry/file_encryption_telem.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 543f003...49eb1cd. Read the comment docs.

shreyamalviya
shreyamalviya reviewed Jun 29, 2021
View reviewed changes
monkey/infection_monkey/telemetry/file_encryption_telem.py

def get_data(self):
return {"ransomware_attempts": self._telemetry_entries}
return {"files": self._telemetry_entries}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't something like encryption_attempts better explain this? The telem contains files and their encryption attempt results, not just files.

Copy link
Collaborator Author

@mssalvatore mssalvatore Jun 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so. I feel like encryption_attempts assumes failure, while files assumes success. encryption_attempts isn't really clear about what it contains. What does an "encryption attempt" involve? Timestamps? Scope? "file_encryption -> files" seems pretty clear to me: it contains information about the files that were encrypted.

I'm no UX expert, though, and I'm not the best at naming. We can have a longer debate about this.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shreyamalviya have agreed this is good enough for now, but will be revisited when we establish patterns and conventions for Action plugins (which don't exist right now).

Base automatically changed from batchable-telemetry to develop June 29, 2021 14:35
@mssalvatore mssalvatore merged commit 8ad8223 into develop Jun 29, 2021
@mssalvatore mssalvatore deleted the rename-ransomware-telem branch June 29, 2021 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shreyamalviya shreyamalviya shreyamalviya approved these changes

@VakarisZ VakarisZ Awaiting requested review from VakarisZ

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mssalvatore @shreyamalviya