Contributor

@ilija-lazoroski ilija-lazoroski commented Nov 17, 2021

What does this PR do?

Fixes #1532.

Add any further explanations here.

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by {Running the Monkey locally with relevant config/running Island/...}

  • If applicable, add screenshots or log transcripts of the feature working

Explain Changes

image

codecov bot commented Nov 17, 2021

Codecov Report

Merging #1618 (c7a1c9d) into develop (f3b7803) will increase coverage by 0.06%.
The diff coverage is 20.00%.

@@             Coverage Diff             @@
##           develop    #1618      +/-   ##
===========================================
+ Coverage    44.90%   44.96%   +0.06%     
===========================================
  Files          469      467       -2     
  Lines        13605    13496     -109     
===========================================
- Hits          6109     6069      -40     
+ Misses        7496     7427      -69     
| Impacted Files | Coverage Δ | |
|---|---|---|
| monkey/common/utils/attack_utils.py | 100.00% <ø> (ø) | |
| monkey/monkey_island/cc/app.py | 79.38% <ø> (-0.31%) | ⬇️ |
| .../monkey_island/cc/services/attack/attack_schema.py | 100.00% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1003.py | 50.00% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1016.py | 57.89% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1018.py | 52.38% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1021.py | 43.33% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1041.py | 47.61% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1059.py | 50.00% <ø> (ø) | |
| ...land/cc/services/attack/technique_reports/T1075.py | 46.15% <ø> (ø) | |
| ... and 26 more | | |

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f3b7803...c7a1c9d.

@ilija-lazoroski ilija-lazoroski marked this pull request as ready for review November 18, 2021 23:07
@@ -13,12 +13,10 @@ The Infection Monkey can simulate various [ATT&CK](https://attack.mitre.org/matr

## Configuration

- **ATT&CK matrix** You can use the ATT&CK configuration section to select which techniques you want the Infection Monkey to simulate.
For the full simulation, use the default settings.
- **Monkey -> Post breach actions** Enable/Disable post breach action in order to trigger an ATT&CK technique on the network. E.g. Trap command triggers Trap ATT&CK technique.
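
Review bot: The **Monkey -> Post breach actions** bullet at the end of this hunk leaves readers with a single example ("Trap command triggers Trap ATT&CK technique") and does not say which post breach actions map to which ATT&CK techniques. Consider linking to, or listing, that mapping, and make the wording consistent ("post-breach actions", plural). If the **ATT&CK matrix** bullet is retained, its pointer to "the ATT&CK configuration section" will be stale once the configuration screen is removed.
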
Contributor

Since we're moving away from assessment, maybe it's best to just remove the whole scenario? @mssalvatore

Contributor Author

But the user really needs to know how the mitre attack techniques can be enabled even without the configuration attack screen.

Collaborator

Let's leave it for now. We're going to reimagine our relationship with MITRE ATT&CK, but removing this now is premature.

Contributor

@VakarisZ VakarisZ left a comment

We need to further investigate swimm, I think some units reference it: .swm/afMu3y3ny5lnrYFWl3EI.swm:10

@VakarisZ
Contributor

We need to change the comment in monkey/monkey_island/cc/app.py:96

Contributor

@VakarisZ VakarisZ left a comment

The whole monkey/monkey_island/cc/services/attack/attack_config.py needs to go

@mssalvatore
Collaborator

> The whole monkey/monkey_island/cc/services/attack/attack_config.py needs to go

@VakarisZ The attack report relies on some functions in attack_config.py. The goal of this issue is to remove the config screen from the frontend.

Some work needs to be done to improve the attack report to match the Monkey's clarified mission. When we do that work, the references to the attack config in the backend can be fixed. Until we plan updates to the attack report, I think trying to refactor the backend is wasted effort.

Contributor

@shreyamalviya shreyamalviya left a comment
The reason will be displayed to describe this comment to others. Learn more.

  1. Did you try running the agent and playing with the ATT&CK report? If nothing breaks, we have some logic for the ATT&CK report that would show a technique as disabled (light grey and struck out) if it was disabled from the ATT&CK config. I believe we can get rid of that logic too.

@shreyamalviya
Contributor

Also, doesn't show a popup anymore if config changes are not submitted before changing the page, and they're all lost:

x.mp4

@ilija-lazoroski ilija-lazoroski force-pushed the 1532-remove-mitre-attack-config branch from 2158e16 to b3e974b Compare November 19, 2021 17:10
@ilija-lazoroski ilija-lazoroski force-pushed the 1532-remove-mitre-attack-config branch 2 times, most recently from 9f7c6f5 to 9e05125 Compare November 19, 2021 17:19
@ilija-lazoroski ilija-lazoroski force-pushed the 1532-remove-mitre-attack-config branch from 9e05125 to 3983ec2 Compare November 19, 2021 17:21
@ilija-lazoroski ilija-lazoroski force-pushed the 1532-remove-mitre-attack-config branch from 3983ec2 to c7a1c9d Compare November 22, 2021 10:28
@VakarisZ
Contributor

> > The whole monkey/monkey_island/cc/services/attack/attack_config.py needs to go
>
> @VakarisZ The attack report relies on some functions in attack_config.py. The goal of this issue is to remove the config screen from the frontend.
>
> Some work needs to be done to improve the attack report to match the Monkey's clarified mission. When we do that work, the references to the attack config in the backend can be fixed. Until we plan updates to the attack report, I think trying to refactor the backend is wasted effort.

Attack report is no longer logically tied to attack config and the codebase should reflect it. I'm not sure how moving this task to a later date helps us. I'm not sure what changes you have in mind to the attack report, but I can't see any groundbreaking changes. And until then we're keeping some code that makes no sense in the codebase. @ilija-lazoroski I think you've made the right choice to remove attack_config.py

@ilija-lazoroski ilija-lazoroski merged commit 6cc983d into develop Nov 22, 2021
@ilija-lazoroski ilija-lazoroski deleted the 1532-remove-mitre-attack-config branch November 22, 2021 11:06

Successfully merging this pull request may close these issues.

Remove MITRE ATT&CK configuration
4 participants