Fix ATT&CK report bug: showed a different technique's results under a technique if the PBA behind them was the same #1514

Merged
mssalvatore merged 7 commits into develop from pba-attack-telemetry
Oct 6, 2021

Contributor

@shreyamalviya shreyamalviya commented Oct 6, 2021

What does this PR do?

Fixes #1480 and fixes #1511

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?

Testing Checklist

  • Added relevant unit tests?
  • Have you successfully tested your changes locally? Elaborate:

    Tested by running the Island.

  • If applicable, add screenshots or log transcripts of the feature working

image
image


codecov bot commented Oct 6, 2021

Codecov Report

Merging #1514 (5be841d) into develop (e80662f) will increase coverage by 0.00%.
The diff coverage is 50.00%.


@@           Coverage Diff            @@
##           develop    #1514   +/-   ##
========================================
  Coverage    42.99%   42.99%
========================================
  Files          477      477
  Lines        14173    14170    -3
========================================
- Hits          6094     6093    -1
+ Misses        8079     8077    -2

Impacted Files Coverage Δ
...land/cc/services/attack/technique_reports/T1146.py 100.00% <ø> (+9.09%) ⬆️
...land/cc/services/attack/technique_reports/T1156.py 100.00% <ø> (+9.09%) ⬆️
...land/cc/services/attack/technique_reports/T1504.py 100.00% <ø> (+9.09%) ⬆️
...services/attack/technique_reports/pba_technique.py 44.00% <0.00%> (ø)
...ey/infection_monkey/telemetry/post_breach_telem.py 65.21% <66.66%> (+0.21%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e80662f...5be841d. Read the comment docs.

CHANGELOG.md Outdated
the config successfully now.) #1490
- Mimikatz collector no longer fails if Azure credential collector is disabled. #1512 #1493
- Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
- ATT&CK report bug that showed a different technique's results under a technique if the PBA behind
Collaborator

Suggested change
- ATT&CK report bug that showed a different technique's results under a technique if the PBA behind
- ATT&CK report bug that showed a different techniques' results under a technique if the PBA behind
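
Review bot: in the second line of the suggested change, "a different techniques' results" pairs the singular article "a" with the plural possessive "techniques'". Either keep the singular form "a different technique's results", which matches the PR title, or drop the article and write "different techniques' results".
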
@shreyamalviya
Contributor Author

After 5be841d:

For PBAs with multiple entries in results:
image
And for PBAs with a single entry in results:
image

Contributor

@ilija-lazoroski ilija-lazoroski left a comment


Tested and works. Nicely done.

image

And #1511

image

@mssalvatore mssalvatore merged commit c3ea714 into develop Oct 6, 2021
@mssalvatore mssalvatore deleted the pba-attack-telemetry branch October 6, 2021 16:12